202 Security Best Practices jobs in Singapore

Internship

Summary

Provide better appreciation and experiential learning in Cybersecurity defence in terms of concepts, architecture, technologies, tools, and operations.

Job Description

Responsibilities:

Application Security

• Research web and mobile application security best practices

• Research into the latest IAM technologies and propose enhancements to existing SIA infrastructure

• Assist in tracking and resolving penetration test and threat modelling findings

• Perform internal security testing using Burp Suite and Kali Linux, etc.

Security Compliance

• Work closely with various IT teams to identify, assess and manage information security risks

• Assist to coordinate with application and various IT teams on various compliance controls.

• Perform proactive threat analysis from network traffic, user and security logs, and other relevant security data to hunt for potential adversary activity.

MAS Technology Risk Management Guidelines

-Assist to collect and compile security related statistics, assess the information and prepare management reports.

• Assist in conducting regular phishing campaigns and compile the results for analysis.

Risk Management

• Assess and enforce the security controls of IT projects

Projects

• Assist in the Cyber and Information Security project requirement gathering, procurement and implementations.

• Assist the project manager and liaise with vendor

• Provide internal support during the implementation

Requirements:

• Pursuing a degree with specialization in Information Security

• Interest in cyber security

• Good trouble-shooting and analytical skills

• Independent and resourceful

• Good interpersonal skills

Summary
Provide better appreciation and experiential learning in Cybersecurity defence in terms of concepts, architecture, technologies, tools, and operations.

Job Description
Responsibilities:
Application Security

• Research web and mobile application security best practices
• Research into the latest IAM technologies and propose enhancements to existing SIA infrastructure
• Assist in tracking and resolving penetration test and threat modelling findings
• Perform internal security testing using Burp Suite and Kali Linux, etc.

Security Compliance

• Work closely with various IT teams to identify, assess and manage information security risks
• Assist to coordinate with application and various IT teams on various compliance controls.
• Perform proactive threat analysis from network traffic, user and security logs, and other relevant security data to hunt for potential adversary activity.

MAS Technology Risk Management Guidelines

• Assist to collect and compile security related statistics, assess the information and prepare management reports.
• Assist in conducting regular phishing campaigns and compile the results for analysis.

Risk Management

• Assess and enforce the security controls of IT projects

Projects

• Assist in the Cyber and Information Security project requirement gathering, procurement and implementations.
• Assist the project manager and liaise with vendor
• Provide internal support during the implementation

Requirements

• Pursuing a degree with specialization in Information Security
• Interest in cyber security
• Good trouble-shooting and analytical skills
• Independent and resourceful
• Good interpersonal skills

Overview

Primary Objectives of Position

Manage security operation to ensure the safe use of IT systems and assets as well as protect against cybersecurity threats.

Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users’ awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

The above activities are no means exhaustive and are subjected to amendment whenever is needed

• Degree in Information systems or equivalent

• 2 or more years’ experiences in setting up and managing information security operations.

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive

Overview

Primary Objectives of Position

Manage security operation to ensure the safe use of IT systems and assets as well as protect against cybersecurity threats.

Manage various stages of projects in conception and initiation, planning, execution, performance/ monitoring, and project closure.

• Establish, implement and maintain a sustainable information security framework that effectively addresses evolving and diverse cybersecurity threats.
• Perform risk assessments on Information, Operational and Assistive Technologies for vulnerabilities and implement security controls to reduce identified risks to an acceptable level.
• Monitor security alerts/ logs from IT systems, network and applications against baselines and gather publicly available information to identify precursors or indicators of cybersecurity attacks.
• Contain and eradicate cybersecurity incident effectively to prevent recurrence and restore systems and recover normal operations as quickly as possible.
• Hold lessons learned meetings to help improve security measures and incident handling process.
• Publish security advisories, conduct security workshops and share lessons learned to improve users’ awareness regarding cybersecurity matters.
• Perform information security audits to determine security violations and inefficiencies and recommend effective security controls.
• Oversee information security investigations with internal team, funders and local authorities and/ or 3rd party providers.
• Participate in various meetings and share compliance/ performance reports and audit findings to Management teams.
• Undertake information security related projects.

The above activities are no means exhaustive and are subjected to amendment whenever is needed

• Degree in Information systems or equivalent

• 2 or more years’ experiences in setting up and managing information security operations.

• Familiar with ISO27001 ISMS, NIST and/ or CIS frameworks.
• Experiences in incident handling and understanding in digital forensic investigation, tools and processes.
• Experiences in security protections, practices or solutions like Firewall, IDS/ IPS, DLP, WAF, NAC, WiFi security, encryption, patch management, etc.
• CISA, CISM, CISSP and/ or PMP certifications will be an advantage.
• Knowledgeable in Microsoft Office and other Windows and web applications.

• Meticulous and hands on.
• Excellent communication and written skills.
• Strong analytical and problem-solving skills.
• Team player with excellent interpersonal skills and multi-tasker.
• Customer-centric and proactive

Job Nature

The Information Security Auditor will be responsible for assessing, monitoring, and ensuring the organization’s compliance with international security standards (ISO 27001), cybersecurity frameworks, and data protection regulations. The role involves planning and conducting internal/external audits, identifying risks and vulnerabilities, and recommending corrective actions. The auditor will work closely with IT, compliance, and business teams to strengthen the organization’s security posture and support certification/recertification processes.

• Audit & Compliance - Plan, conduct, and report on internal information security audits aligned with ISO 27001 and other frameworks. Support external audits and certification processes by liaising with auditors and regulatory bodies. Ensure compliance with data protection laws (e.g., GDPR, PDPA where applicable).
• Risk & Controls Assessment - Evaluate existing security controls, policies, and procedures for effectiveness. Identify risks, vulnerabilities, and gaps in cybersecurity and data protection practices. Recommend improvements and track corrective/preventive actions (CAPA).
• Documentation & Reporting - Develop and maintain audit checklists, reports, and compliance documentation. Provide management with clear audit findings and risk assessments. Maintain evidence logs for ISO 27001 controls and compliance purposes.
• Stakeholder Engagement - Collaborate with IT, HR, Legal, and Business units to ensure alignment with security policies. Conduct awareness sessions to promote compliance culture. Advise leadership on security risks, trends, and mitigation strategies.
• Continuous Improvement - Monitor changes in international standards and regulatory requirements. Drive continuous improvement of Information Security Management Systems (ISMS). Benchmark practices against industry best standards (e.g., NIST, CIS Controls).

Education & Certifications

• Diploma or Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related field.
• ISO/IEC 27001 Lead Auditor / Lead Implementer certification (preferred).
• Additional certifications are an advantage: CISA, CISM, CISSP, GDPR Practitioner, CEH.

Experience

• 3–7 years of experience in information security, IT audit, or compliance. Personnel with no expereince are welcome to apply.
• Proven track record in conducting ISO 27001 audits (internal or external will be an advantage).
• Experience with data protection regulations (PDPA, GDPR etc.)
• Hands-on knowledge of cybersecurity practices, risk assessment, and incident response.

Skills

• Strong understanding of ISMS principles, risk management, and compliance frameworks.
• Ability to analyze technical controls (network, cloud, applications) from a compliance perspective.
• Excellent report writing and presentation skills.
• Strong communication, stakeholder management, and problem-solving skills.
• Ability to work independently and manage multiple audits/projects simultaneously.

KEY RESPONSIBILITIES

• Carry out the end-to-end security management for enterprise of application security, host security, data security, network security, including but not limited to security policy management and system maintenance.

• Responsible for the Governance, Risk and Compliance technical implementation of personal information protection requirements.

• Project management, plan and coordinate security tools implementation throughout the overseas region. Providing periodic reporting of progress and issues.

• Conduct and perform periodic security awareness training and phishing campaigns.

• Responsible for the break-down and implementation of the development work in the baseline specification and technical architecture.

• Provide day-to-day IT support to all employees, including troubleshooting hardware, software, network, and system issues.

• Manage and maintain IT infrastructure, including servers, network devices, computers, printers, and security systems.

KEY REQUIREMENTS

The ideal candidates we are looking for should be seasoned Information Security Professionals with:

• Bachelor’s degree or above in Computer Science.

• At least 3 years working experience in network or information security related fields.

• Familiar with ISO27001, ITIL related technical standards and control measures.

• Familiar with common information security products and technical principles, e.g. system and network security, DLP, antivirus, encryption, SIEM, Zero Trust etc.

• Security certification such as CISSP, CISA, CCNP, CCIE is preferred.

Join to apply for the Information Security Engineer role at Manpower Singapore

2 days ago Be among the first 25 applicants

Join to apply for the Information Security Engineer role at Manpower Singapore

Information Security Engineer, Vulnerability Management and Operation

We are seeking an exceptional Security Engineer to support our vulnerability management program. This is a technical, operation-oriented, and hands-on role in a dynamic and fast-paced environment.

You'll work with various applications and systems to manage vulnerabilities, follow up with different teams, drive remediation, and improve current processes.

• You will join a team that stays up to date on emerging security vulnerabilities and threats, maintains composure in crises, and advocates for improving product and service security.
• You need a good technical background and a strong interest in network, system, and web security.
• The role requires excellent communication skills to collaborate effectively with diverse teams. Responsibilities include:
• Working cross-functionally to identify and assess vulnerabilities, guiding teams through the remediation lifecycle with a focus on timely resolution and outcome-driven communication.
• Using programming to analyze large data dumps related to systems and applications to extract key information for vulnerability impact analysis.

• BSc in Computer Science, Information Technology, Information Security, or related field
• At least 3 years of experience in information security or related field
• Self-starter with flexibility to work remotely and support a global team
• Ability to manage multiple activities concurrently
• Passionate about data security
• Experience with vulnerability scanning tools like Tenable, Qualys, etc.
• Familiarity with common security vulnerabilities and their severity assessment
• Ability to analyze vulnerabilities and provide remediation guidance
• Independent in supporting and driving vulnerability remediation
• Continuous improvement mindset and automation skills
• Ability to run proof of concept for known vulnerabilities
• Understanding of IPv4 and IPv6 networks
• Proficiency in programming languages such as Python, Go, Rust, or Bash scripting
• Excellent critical thinking skills
• Problem-solving skills related to logic and algorithms
• Experience with SQL and Linux
• Experience with penetration testing
• Knowledge of the security research community

Note: Your response to this advertisement and communications will constitute informed consent for the collection, use, and disclosure of personal data by ManpowerGroup Singapore, in accordance with the Personal Data Protection Act 2012. For more information, visit ManpowerGroup's Privacy Policy .

• Develop, implement, and manage the organization's information security strategy, policies, and procedures .
• Lead the design and enforcement of security controls to protect systems, networks, and data from cyber threats.
• Manage a team of security professionals, providing technical guidance, mentoring, and performance management .
• Oversee risk assessments, vulnerability management, penetration testing, and incident response .
• Ensure compliance with regulatory requirements, industry standards, and frameworks (e.g., ISO 27001, NIST, GDPR, PCI-DSS, HIPAA).
• Collaborate with IT, DevOps, and business teams to embed security into application development and infrastructure design .
• Manage security operations center (SOC) activities , including monitoring, threat detection, and escalation.
• Define, track, and report security KPIs and risk metrics to senior leadership.
• Evaluate, select, and implement security tools and technologies to strengthen organizational defenses.
• Lead security awareness and training programs to promote a strong security culture .

• Cybersecurity & Risk Management : Strong knowledge of threat modeling, risk assessment methodologies, incident response frameworks , and business continuity planning .
• Security Technologies : Hands-on expertise with firewalls, IDS/IPS, SIEM (Splunk, QRadar, ELK), EDR/XDR, DLP, IAM, PAM solutions, WAF, and CASB .
• Cloud Security : Proficiency in securing workloads on AWS, Azure, and GCP , including IAM, KMS, Cloud Security Posture Management (CSPM) .
• Application & Network Security : Experience in secure SDLC, DevSecOps practices, vulnerability management, penetration testing tools (Burp Suite, Metasploit, Nessus, Qualys) .
• Cryptography & Data Protection : Understanding of PKI, SSL/TLS, encryption protocols, key management, tokenization, and data masking .
• Governance, Risk & Compliance (GRC) : Familiarity with ISO 27001, SOC 2, NIST CSF, COBIT, GDPR, HIPAA, PCI-DSS frameworks.
• Incident Response & Forensics : Ability to manage SIEM alerts, digital forensics, malware analysis , and lead response teams during breaches.
• Scripting & Automation : Knowledge of Python, PowerShell, or Bash for automating security operations and log analysis.

• Security certifications such as CISSP, CISM, CISA, CEH, OSCP, CCSP, ISO 27001 Lead Implementer/Auditor .
• Experience in Zero Trust Architecture and container security (Docker, Kubernetes) .
• Knowledge of threat intelligence platforms and SOC automation (SOAR) .