437 Security Analysts jobs in Singapore

MINDEF

Permanent

Closing on 21 Sep 2025

What the role is

You will play a pivotal role in safeguarding Singapore's defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications.

What you will be working on

• Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications
• Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors
• Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders
• Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities
• Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems
• Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context
• Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks
  Challenge(s)
• Maintaining consistent quality under time pressure
• Quickly learning and troubleshooting various tools and platforms

What we are looking for

• Education in Information Security, Computer Science, IT or a related field
• Industry-recognised certifications such as CREST CRT, GPEN, or OSCP
• At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing
• Experience conducting security assessments on application infrastructure, networks, and cloud-based systems
• Strong understanding of web application, infrastructure, and network security architecture
• Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders
• Ability to work independently and collaboratively within cross-functional teams
• Highly analytical, self-driven, and committed to continuous learning and skill enhancement
• Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl
• Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions
• Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools
  Appointment will be commensurate with your experience.
  Only shortlisted candidates will be notified.

About MINDEF

The mission of MINDEF and the Singapore Armed Forces is to enhance Singapore's peace and security through deterrence and diplomacy, and should these fail, to secure a swift and decisive victory over the aggressor.
The Defence Executive Officer (DXO) scheme is the non-uniformed career scheme of MINDEF that offers myriad opportunities in various job functions, such as corporate communications, cyber security, data analytics and visualisation, defence policy, finance, HR, psychology, and more. Embodying the same level of commitment towards defence, DXOs work together with their military counterparts to contribute to MINDEF/SAF's mission and ensure Singapore's security and stability. United by this common cause, our lines of defence complement each other to secure the prosperity and progress of our nation.

About your application process

This job is closing on 21 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within MINDEF or the wider Public Service.

MINDEF

Permanent

Closing on 21 Sep 2025

What the role is

You will play a pivotal role in safeguarding Singapore's defence and security interests by conducting comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications.

What you will be working on

• Conduct comprehensive Penetration Testing (PT), Vulnerability Assessments (VA), and Source Code Security Reviews on IT assets, including infrastructure, web applications, and military applications
• Develop tailored security assessment tools and scripts to enhance testing capabilities and address evolving threat vectors
• Document findings, conduct analysis, and prepare detailed technical reports, including executive summaries for various stakeholders
• Collaborate with security engineers, developers, and other stakeholders to provide actionable guidance on remediating identified security risks and vulnerabilities
• Provide expertise in the design and implementation of security controls across applications, infrastructure, and network systems
• Develop and deliver specialised training and awareness programs to elevate the cybersecurity capabilities of the SAF personnel, with opportunities for growth in leadership and knowledge-sharing in the military cybersecurity context
• Maintain up-to-date knowledge of emerging threats, security best practices, and industry-standard frameworks
  Challenge(s)
• Maintaining consistent quality under time pressure
• Quickly learning and troubleshooting various tools and platforms

What we are looking for

• Education in Information Security, Computer Science, IT or a related field
• Industry-recognised certifications such as CREST CRT, GPEN, or OSCP
• At least 1 year of hands-on experience in conducting PT and VA, with a strong preference for experience in military or government-focused penetration testing
• Experience conducting security assessments on application infrastructure, networks, and cloud-based systems
• Strong understanding of web application, infrastructure, and network security architecture
• Excellent communication and presentation skills, with a focus on conveying complex security findings to both technical and non-technical stakeholders
• Ability to work independently and collaboratively within cross-functional teams
• Highly analytical, self-driven, and committed to continuous learning and skill enhancement
• Proficiency in scripting languages, such as Python, PowerShell, JavaScript, VBScript, Ruby, or Perl
• Track record of identifying and disclosing vulnerabilities or recognition in Capture-The-Flag (CTF) competitions
• Proficiency with tools such as BurpSuite, Metasploit, Nexpose, Nessus, and other industry-standard penetration testing and vulnerability assessment tools
  Appointment will be commensurate with your experience.
  Only shortlisted candidates will be notified.

About MINDEF

The mission of MINDEF and the Singapore Armed Forces is to enhance Singapore's peace and security through deterrence and diplomacy, and should these fail, to secure a swift and decisive victory over the aggressor.
The Defence Executive Officer (DXO) scheme is the non-uniformed career scheme of MINDEF that offers myriad opportunities in various job functions, such as corporate communications, cyber security, data analytics and visualisation, defence policy, finance, HR, psychology, and more. Embodying the same level of commitment towards defence, DXOs work together with their military counterparts to contribute to MINDEF/SAF's mission and ensure Singapore's security and stability. United by this common cause, our lines of defence complement each other to secure the prosperity and progress of our nation.

About your application process

This job is closing on 21 Sep 2025.

If you do not hear from us within 4 weeks of the job ad closing date, we seek your understanding that it is likely that we are not moving forward with your application for this role. We thank you for your interest and would like to assure you that this does not affect your other job applications with the Public Service. We encourage you to explore and for other roles within MINDEF or the wider Public Service.

Deliver top-notch analysis with speed and precision to unearth the intricacies of Android applications.

• Conduct in-depth analysis of Android apps to grasp their codebase, architecture, and functionality.
• Apply reverse engineering techniques to extract valuable information from Android apps.
• Identify potential threats and risks associated with user and device security, data leakage, and malicious code execution within Android apps.
• Conduct thorough security assessments of Android applications to pinpoint vulnerabilities.
• Stay abreast of the latest malware trends and provide actionable insights on threat intelligence.
• Collaborate with security researchers, developers, and stakeholders to share findings, offer recommendations, and contribute to the development of secure software.

Essential:

• Hands-on experience with analyzing or reverse engineering code, preferably for malicious applications.
• Ability to read, comprehend, and analyze source code.
• Experience with Java or Kotlin programming languages.
• Exposure to JavaScript, Flutter, and/or other mobile software languages.
• Proficiency in query languages such as SQL.
• Preferred:
• Reverse engineering tools like Jadx, Ghidra, Frida, IDA Pro, Burp for binary and APK analysis.
• ELF (Native Binaries) reverse engineering expertise.

• Android software development experience or reverse engineering background.
• Familiarity with Google Ads or content moderation.
• Participation in a Capture the Flag (CTF) for Mobile software.
• Pentesting, Blue Team, and/or Red Team experience.

• 1-3 years of experience in one or more of the following: Android Development, Reverse Engineering, Pentesting, Application Security Assessments.
• Preferably 1-3 years of hands-on Android App Development/Reverse Engineering experience.

Key Responsibilities

Develop, implement, and manage the organization's information security strategy, policies, and procedures.

Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.

Manage a team of security professionals, providing technical guidance, mentoring, and performance management.

Oversee risk assessments, vulnerability management, penetration testing, and incident response.

Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).

Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design.

Manage security operations center (SOC) activities, including monitoring, threat detection, and escalation.

Define, track, and report security KPIs and risk metrics to senior leadership.

Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.

Lead security awareness and training programs to promote a strong security culture.

Required Technical Skills (Tough Skills)

Cybersecurity & Risk Management: Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks, and business continuity planning.

Security Technologies: Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB.

Cloud Security: Proficiency in securing workloads on AWS, Azure, and GCP, including IAM, KMS, Cloud Security Posture Management (CSPM).

Application & Network Security: Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys).

Cryptography & Data Protection: Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking.

Governance, Risk & Compliance (GRC): Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.

Incident Response & Forensics: Ability to manage SIEM alerts, digital forensics, malware analysis, and lead response teams during breaches.

Scripting & Automation: Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.

Good to Have

Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor.

Experience in Zero Trust Architecture and container security (Docker, Kubernetes).

Knowledge of threat intelligence platforms and SOC automation (SOAR)

Key Responsibilities
Develop, implement, and manage the organization's information security strategy, policies, and procedures.
Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.
Manage a team of security professionals, providing technical guidance, mentoring, and performance management.
Oversee risk assessments, vulnerability management, penetration testing, and incident response.
Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).
Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design.
Manage security operations center (SOC) activities, including monitoring, threat detection, and escalation.
Define, track, and report security KPIs and risk metrics to senior leadership.
Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.
Lead security awareness and training programs to promote a strong security culture.
Required Technical Skills (Tough Skills)
Cybersecurity & Risk Management: Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks, and business continuity planning.
Security Technologies: Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB.
Cloud Security: Proficiency in securing workloads on AWS, Azure, and GCP, including IAM, KMS, Cloud Security Posture Management (CSPM).
Application & Network Security: Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys).
Cryptography & Data Protection: Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking.
Governance, Risk & Compliance (GRC): Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.
Incident Response & Forensics: Ability to manage SIEM alerts, digital forensics, malware analysis, and lead response teams during breaches.
Scripting & Automation: Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.
Good to Have
Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor.
Experience in Zero Trust Architecture and container security (Docker, Kubernetes).
Knowledge of threat intelligence platforms and SOC automation (SOAR)

Key Responsibilities

Develop, implement, and manage the organization’s information security strategy, policies, and procedures.

Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.

Manage a team of security professionals, providing technical guidance, mentoring, and performance management.

Oversee risk assessments, vulnerability management, penetration testing, and incident response.

Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).

Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design.

Manage security operations center (SOC) activities, including monitoring, threat detection, and escalation.

Define, track, and report security KPIs and risk metrics to senior leadership.

Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.

Lead security awareness and training programs to promote a strong security culture.

Required Technical Skills (Tough Skills)

Cybersecurity & Risk Management: Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks, and business continuity planning.

Security Technologies: Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB.

Cloud Security: Proficiency in securing workloads on AWS, Azure, and GCP, including IAM, KMS, Cloud Security Posture Management (CSPM).

Application & Network Security: Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys).

Cryptography & Data Protection: Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking.

Governance, Risk & Compliance (GRC): Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.

Incident Response & Forensics: Ability to manage SIEM alerts, digital forensics, malware analysis, and lead response teams during breaches.

Scripting & Automation: Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.

Good to Have

Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor.

Experience in Zero Trust Architecture and container security (Docker, Kubernetes).

Knowledge of threat intelligence platforms and SOC automation (SOAR)

Key Responsibilities

Develop, implement, and manage the organization’s information security strategy, policies, and procedures.

Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.

Manage a team of security professionals, providing technical guidance, mentoring, and performance management.

Oversee risk assessments, vulnerability management, penetration testing, and incident response.

Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).

Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design.

Manage security operations center (SOC) activities, including monitoring, threat detection, and escalation.

Define, track, and report security KPIs and risk metrics to senior leadership.

Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.

Lead security awareness and training programs to promote a strong security culture.

Required Technical Skills (Tough Skills)

Cybersecurity & Risk Management: Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks, and business continuity planning.

Security Technologies: Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB.

Cloud Security: Proficiency in securing workloads on AWS, Azure, and GCP, including IAM, KMS, Cloud Security Posture Management (CSPM).

Application & Network Security: Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys).

Cryptography & Data Protection: Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking.

Governance, Risk & Compliance (GRC): Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.

Incident Response & Forensics: Ability to manage SIEM alerts, digital forensics, malware analysis, and lead response teams during breaches.

Scripting & Automation: Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.

Good to Have

Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor.

Experience in Zero Trust Architecture and container security (Docker, Kubernetes).

Knowledge of threat intelligence platforms and SOC automation (SOAR)

Job Objectives

The Security Governance Specialist role will support the Head of Security Governance in enhancing and maintaining the Security Governance within the Group Information Security(GIS) function in the Bank.

Key Responsibilities

This position will support senior Security Governance team members and work closely with various business, risk and technology stakeholders to:

• Proactively assess the compliance exposure to current and emerging security-related regulatory requirements and plan & track remediation efforts.

• Manage reverse third-party due diligence engagements related to GIS.

• Manage audit, assurance and regulatory engagements related to GIS including ongoing knowledge management on queries and request for information.

• Track and report against the technology KORI(Key Operational Risk Indicators)/KRIs and required security metrics.

• Execution of the GIS KRCSA (Key Risk and Control Self Assessments).

• Management policy, procedures and standards updates and control.

• Manage various GIS initiatives and duties as assigned.

Key Requirements

• Communicate effectively with a variety of internal and external teams and stakeholders.

• Capable of managing a variety of priorities and deliverables with minimal guidance or supervision.

• Ability to respond to any requests and issues on a timely basis.

Education

• Diploma/Degree in engineering/Computer Science / IT/Cyber Security from a recognized education institution.

• Professional Technology Risk Management/Cybersecurity related qualification will be favorable although not mandatory.

• Knowledge of industry best practices.

Technical Skills

• Overall experience 5+ years of experience.

• 2+ years of relevant experience in Security/IT governance disciplines.

• Have a strong security risk and analytical mindset in approaching situations and interactions with stakeholders.

• Effective negotiating skills and demonstrated sensitivity to working and interacting with stakeholders.

• Good knowledge of Security concepts and practices.

• Good knowledge of Security related guidelines and advisories from regulators.

• Good with numbers for use in metrics.

Soft Skills

• Good written and verbal communication skills and expertise in setting and managing stakeholder expectations.

• Process aware mindset.

• Strong analytical and problem-solving skills.

• Effective time management and organizational skills.

• Strong team player.

• Able to work independently with minimal supervision.

• High degree of attention to detail and discipline on tracking and managing the closure of identified gaps and issues.

• Willing to learn quickly.