Principal / Lead Software Engineer (Cybersecurity Specialist) - TradeNet CII
About the role
About GovTech

The Government Technology Agency (GovTech) transforms the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We build the Smart Nation infrastructure and the platforms the public sector runs on, and we partner agencies to engineer trustworthy, resilient digital services at national scale.

What is this role?

TradeNet is Singapore's national single-window trade platform and a legislated Critical Information Infrastructure (CII). Its availability and integrity underpin national trade continuity; disruption is an economic event, not a system outage.

We are seeking a Principal / Lead level Software Engineer (Cybersecurity Specialist) to be the technical design authority for the modernised TradeNet CII rebuild, focusing on architecture security and resilience. This is an architect-and-build mandate, not an assurance or operations role.

As a first-line engineering role, you will:

- Design and embed security and resilience controls into the platform starting from the architecture and down to the implementation details.
- Decide what is inherited from the GovTech security tech stack versus built and owned by the product team.
- Design the defensive terrain jointly with the Singapore Customs Agency CISO (ACISO) so that the agency can defensibly discharge its CII regulatory accountability to Cyber Security Agency (CSA).

You will be measured on the delivery of TradeNet CII that is secure and resilient by design and construction - not on the volume of findings triaged or evidence produced after the fact.

Impact and outcomes

You will be successful when:

- TradeNet's security architecture is conformant with CSA CCoP v2 and WOG IM8 by design, not by downstream remediation, and the conformance basis is clearly documented and defensible to CSA.
- The Customs ACISO can stand behind a coherent, evidenced security and resilience architecture for the CII without reconstructing it from operational artefacts.
- The platform has an engineered national trade-continuity posture - recoverability, degraded-mode operation, and containment of blast radius are designed properties, not aspirations.
- The boundary between controls inherited from the GovTech security tech stack and controls owned by the TradeNet product is explicit, maintained, and used to scope CII audit and attestation.
- Security control intent is expressed as code and continuously monitored, reducing reliance on point-in-time attestation.
- There is a strong culture of security in the organization through your leadership, mentorship and coaching.

What you will be working on

Secure and resilient architecture (core mandate)

- Own the reference security architecture for the TradeNet CII: trust boundaries, identity architecture, segmentation and trust-zone strategy, east-west controls, encryption and key management, and blast-radius containment for the CII boundary.
- Embed secure-by-design controls by working inside product and engineering teams through the delivery lifecycle - at design, solutioning and implementation time, not as post-build validation.
- Maintain a living threat model per system and trust boundary, referenced to MITRE ATT&CK and to relevant adversary classes (including supply-chain and nation-state), and use it to drive architecture and segmentation decisions - not merely to prioritise remediation.

Resilience and national trade continuity

- Engineer the platform's recoverability and graceful degradation: degraded-mode operation, recovery objectives appropriate to a national single-window, and containment design that preserves trade continuity under attack.
- Map and treat dependency and concentration risk across the TradeNet ecosystem (traders, brokers, ports, and partner agencies), including third-party and supply-chain integration risk.
- Design for, and participate in, CSA-mandated cyber resilience exercising for the CII, feeding findings back into the architecture.

Defensive terrain (with the Customs ACISO)

- Partner the Customs ACISO as the technical design authority enabling the agency to discharge CII accountability to CSA: design the Customs digital terrain and CII boundary with multi-layered defence, and translate regulatory obligation into architecture rather than into compliance tasks.
- Co-develop the defensible architecture and resilience narrative the ACISO relies on for CSA engagement, audits, and CII regulatory submissions.

Platform leverage and control inheritance

- Determine and document what the CII inherits from the GovTech security tech stack (e.g. GCC, central SOC/monitoring, ShipHats pipeline guardrails, IM8 baseline controls) versus what the TradeNet product team must build and own.
- Maintain the shared-responsibility delineation as an architectural artefact that also scopes CII audit boundaries, so inherited controls are not re-attested.

Continuous assurance and secure delivery

- Express security control intent as code: pipeline gua