186 Security Analysis jobs in Singapore

**Job Summary**

We are seeking a highly skilled and experienced Penetration Tester to join our team. The successful candidate will play a critical role in evaluating our organization's cybersecurity posture by simulating real-world attacks and identifying vulnerabilities across systems, applications, and networks.

**Key Responsibilities:**

• Conduct comprehensive penetration tests on applications, databases, systems, and networks to identify security vulnerabilities and prepare detailed reports.
• Propose measures to ensure identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• SIMulate cyber attacks to evaluate defensive measures and improve security posture.

**Requirements:**

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases, and load testing.
• Experience conducting secure code reviews.
• Degree in Computer Science, Computer Engineering, or Information Security, or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from GIAC/Offensive Security/CREST required.
• Hands-on experience in Kali Linux, Burp, and other advanced penetration testing and secure code review tools.

**Preferred Qualifications:**

• Basic Mandarin skills for simple verbal and written communication with Chinese partners.

**Job Summary**

We are seeking a highly skilled and experienced Penetration Tester to join our team. The successful candidate will play a critical role in evaluating our organization's cybersecurity posture by simulating real-world attacks and identifying vulnerabilities across systems, applications, and networks.

**Key Responsibilities:**

• Conduct comprehensive penetration tests on applications, databases, systems, and networks to identify security vulnerabilities and prepare detailed reports.
• Propose measures to ensure identified vulnerabilities are addressed.
• Work closely with IT, risk, and compliance teams to track remediation efforts and verify closure.
• SIMulate cyber attacks to evaluate defensive measures and improve security posture.

**Requirements:**

• Minimum 5 years of hands-on penetration testing experience for web applications, mobile applications, APIs, network, databases, and load testing.
• Experience conducting secure code reviews.
• Degree in Computer Science, Computer Engineering, or Information Security, or equivalent.
• Working knowledge of all aspects of information security is essential.
• Familiarity with systems and operational architecture of large internet companies or online business models.
• Good communication (spoken and written) skills, able to work independently and as a team.
• Certifications from GIAC/Offensive Security/CREST required.
• Hands-on experience in Kali Linux, Burp, and other advanced penetration testing and secure code review tools.

**Preferred Qualifications:**

• Basic Mandarin skills for simple verbal and written communication with Chinese partners.

MINDEF

Permanent

Closing on 21 Sep 2025

What the role is

You will play a pivotal role in safeguarding Singapore's defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications.

What you will be working on

• Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications
• Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors
• Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders
• Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities
• Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems
• Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context
• Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks
  Challenge(s)
• Maintaining consistent quality under time pressure
• Quickly learning and troubleshooting various tools and platforms

What we are looking for

• Education in Information Security, Computer Science, IT or a related field
• Industry-recognised certifications such as CREST CRT, GPEN, or OSCP
• At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing
• Experience conducting security assessments on application infrastructure, networks, and cloud-based systems
• Strong understanding of web application, infrastructure, and network security architecture
• Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders
• Ability to work independently and collaboratively within cross-functional teams
• Highly analytical, self-driven, and committed to continuous learning and skill enhancement
• Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl
• Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions
• Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools
  Appointment will be commensurate with your experience.
  Only shortlisted candidates will be notified.

About MINDEF

The mission of MINDEF and the Singapore Armed Forces is to enhance Singapore's peace and security through deterrence and diplomacy, and should these fail, to secure a swift and decisive victory over the aggressor.
The Defence Executive Officer (DXO) scheme is the non-uniformed career scheme of MINDEF that offers myriad opportunities in various job functions, such as corporate communications, cyber security, data analytics and visualisation, defence policy, finance, HR, psychology, and more. Embodying the same level of commitment towards defence, DXOs work together with their military counterparts to contribute to MINDEF/SAF's mission and ensure Singapore's security and stability. United by this common cause, our lines of defence complement each other to secure the prosperity and progress of our nation.

About your application process

This job is closing on 21 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within MINDEF or the wider Public Service.

Deliver top-notch analysis with speed and precision to unearth the intricacies of Android applications.

• Conduct in-depth analysis of Android apps to grasp their codebase, architecture, and functionality.
• Apply reverse engineering techniques to extract valuable information from Android apps.
• Identify potential threats and risks associated with user and device security, data leakage, and malicious code execution within Android apps.
• Conduct thorough security assessments of Android applications to pinpoint vulnerabilities.
• Stay abreast of the latest malware trends and provide actionable insights on threat intelligence.
• Collaborate with security researchers, developers, and stakeholders to share findings, offer recommendations, and contribute to the development of secure software.

Essential:

• Hands-on experience with analyzing or reverse engineering code, preferably for malicious applications.
• Ability to read, comprehend, and analyze source code.
• Experience with Java or Kotlin programming languages.
• Exposure to JavaScript, Flutter, and/or other mobile software languages.
• Proficiency in query languages such as SQL.
• Preferred:
• Reverse engineering tools like Jadx, Ghidra, Frida, IDA Pro, Burp for binary and APK analysis.
• ELF (Native Binaries) reverse engineering expertise.

• Android software development experience or reverse engineering background.
• Familiarity with Google Ads or content moderation.
• Participation in a Capture the Flag (CTF) for Mobile software.
• Pentesting, Blue Team, and/or Red Team experience.

• 1-3 years of experience in one or more of the following: Android Development, Reverse Engineering, Pentesting, Application Security Assessments.
• Preferably 1-3 years of hands-on Android App Development/Reverse Engineering experience.

As a Cyber Threat (SOC) Analyst, you are required to use data collected from a variety of cyber defense tools such as intrusion detection system alerts, firewall and network traffic logs, and host system logs to analyse events that occur within the Company's environment.  You are also required to perform 24x7 monitoring on both internal and external sources to maintain current threat condition and determine which security issues may have an impact on the Company and provide accurate evaluation of the incident for escalation.

Responsibilities:

• Responsible for round-the-clock surveillance of the Company's information assets using various cyber defense tools to monitor internal and external sources.
• Provide timely detection, identification and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities.
• Use cyber defense tools for continuous monitoring and analysis of system activities to identify malicious activity.
• Analyze and respond to threats, software, and hardware vulnerabilities.
• Develop scripts, fine-tuning SIEM rules and solutions to automate the triage and analysis process.
• Provide incident response (IR) support when required.
• Produce actionable cyber threat intel from various threat intelligence sources, both open and commercial sources.
• Actively hunt for indicators of compromise (IOCs) and threat actor groups and tactics, techniques, and procedures (TTPs) in the environment.

Requirements:

• Degree or Diploma in Computer Science, Computer Engineering, or Information Security related fields.
• At least 2 years of experience working in a Security Operation Centre (SOC) or Computer Emergency Response Team (CERT/CIRT).
• Strong ability to interpret the information collected by network tools (e.g., ping, traceroute, nslookup).
• Security certifications (e.g. GSEC, GCIH, GCIA, GCTI, GCFA, GCFE, GNFA) and scripting capabilities (i.e. Python, Bash or PowerShell) are a plus.
• Working experience with OWASP Top 10, CVSS, MITRE ATT&CK framework, Cyber Kill Chain and DevSecOps strongly preferred.
• Good knowledge of different types of network communication (e.g., Local Area Network, Wide Area Network, Metropolitan Area Network, Wireless Wide Area Network, Wireless local Area Network).
• Good knowledge of incident response and handling methodologies.
• Able to work 12-hours shift but shift patterns may change according to business needs.

• Maintain and administer security toolsets (such as IAM, DAM, and Key Management), ensuring the tools are functioning according to the security management plan.
• Respond and perform triaging of security alerts generated from the security toolsets in a timely manner according to SLA.
• Perform security scanning and testing by using the Vulnerability Assessment tools.
• Reporting and tracking vulnerabilities and risks, and ensuring timely patching is completed to comply with the stipulated resolution time.
• Assess the applicability of newly published security vulnerabilities to components used within the environment, track and report the status until they are closed.
• Co-develop process documents and participate in initiatives to fine-tune and streamline security operations.
• Skills:
• 1-3 years hands-on experience of using common security tools like IAM (eg.IBM ISAM), DAM (eg. IBM Guardium) and Vulnerability Assessment tool (eg. Tenable Nessus)
• Security certifications and AWS Cloud certified is preferable but not a must.
• Proficient in security control principles including SOD.
• Good attitude and passionate with discovery of security gaps and actively participate in problem-solving process.

A Cybersecurity Analyst works in a team to monitor and protect an organisation from security breaches and vulnerabilities.

The scope includes the following:

• Maintain and administer security toolsets (such as IAM, DAM, and Key Management), ensuring the tools are functioning according to the security management plan.
• Respond and perform triaging of security alerts generated from the security toolsets in a timely manner according to SLA.
• Perform security scanning and testing by using the Vulnerability Assessment tools.
• Reporting and tracking vulnerabilities and risks, and ensuring timely patching is completed to comply with the stipulated resolution time.
• Assess the applicability of newly published security vulnerabilities to components used within the environment, track and report the status until they are closed.
• Co-develop process documents and participate in initiatives to fine-tune and streamline security operations.
• Skills:
• 1-3 years hands-on experience of using common security tools like IAM (eg.IBM ISAM), DAM (eg. IBM Guardium) and Vulnerability Assessment tool (eg. Tenable Nessus)
• Security certifications and AWS Cloud certified is preferable but not a must.
• Proficient in security control principles including SOD.
• Good attitude and passionate with discovery of security gaps and actively participate in problem-solving process.

A Cybersecurity Analyst works in a team to monitor and protect an organisation from security breaches and vulnerabilities.

The scope includes the following:

• Maintain and administer security toolsets (such as IAM, DAM, and Key Management), ensuring the tools are functioning according to the security management plan.
• Respond and perform triaging of security alerts generated from the security toolsets in a timely manner according to SLA.
• Perform security scanning and testing by using the Vulnerability Assessment tools.
• Reporting and tracking vulnerabilities and risks, and ensuring timely patching is completed to comply with the stipulated resolution time.
• Assess the applicability of newly published security vulnerabilities to components used within the environment, track and report the status until they are closed.
• Co-develop process documents and participate in initiatives to fine-tune and streamline security operations.
• Skills:
• 1-3 years hands-on experience of using common security tools like IAM (eg.IBM ISAM), DAM (eg. IBM Guardium) and Vulnerability Assessment tool (eg. Tenable Nessus)
• Security certifications and AWS Cloud certified is preferable but not a must.
• Proficient in security control principles including SOD.
• Good attitude and passionate with discovery of security gaps and actively participate in problem-solving process.

Responsibilities:

Cyber Incident and Forensic Investigation

• Lead and conduct thorough cyber incident investigations, ensuring proper analysis of threats and breaches.
• Perform forensic analysis to understand the scope of security incidents and assist in data recovery, evidence preservation, and reporting

SOC Incident Monitoring and Investigation

• Oversee Level 2/3 SOC operations to ensure the timely identification and resolution of security threats.
• Coordinate and lead incident response efforts across various security systems, managing escalations effectively.

Vulnerability Assessment and Penetration Testing (VA/PT)

• Conduct vulnerability assessments and penetration testing on networks, systems, and applications.
• Provide actionable recommendations for remediation of identified vulnerabilities and ensure security measures are implemented.

Endpoint Security Management

• Implement and manage endpoint security solutions including anti-malware, encryption, and troubleshooting of endpoint devices.
• Ensure that all endpoints are secured in compliance with company security policies.

Ethical Hacking and Security Testing

• Perform hands-on ethical hacking, including penetration testing and vulnerability assessments, to assess and enhance organizational security posture.

Qualifications:

• Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), or equivalent certifications.
• CISSP (Certified Information Systems Security Professional) or equivalent certification is highly preferred.
• 5+ years of experience in cybersecurity, with hands-on experience in incident response, digital forensics, and security engineering.
• Demonstrated experience in managing security operations within a Level 2/3 SOC environment.
• Proven experience in vulnerability assessments, penetration testing, and remediation strategies.
• Expertise in endpoint security tools and anti-malware solutions.
• Strong experience in ethical hacking and penetration testing practices.
• Deep understanding of common attack vectors and security tools (e.g., SIEM, IDS/IPS, endpoint protection).
• Strong knowledge of encryption protocols and endpoint protection strategies.
• Familiarity with network security principles, firewalls, VPNs, and intrusion detection systems.
• Ability to clearly explain complex security issues and incident findings to non-technical stakeholders.