Itso

Responsibilities

• Application Security
• You will review and support the preparation of System Security Plans (SSPs) for applications, working with project managers to address deviations and ensure compliance.
• You will manage and track application vulnerability findings from tools such as the GovTech Vulnerability Management System (VMS) and Cloudscape, following up with application teams to ensure timely remediation within IM8 deadlines.
• You will coordinate and review results from Vulnerability Assessments (VA), Penetration Tests (PT), and Source Code Reviews, maintaining an up-to-date picture of outstanding issues across the application portfolio.
• You will advise on the configuration needed for the security quality gates in SHIP/HATS such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and third-party dependency checks. You will review results from these tests and do the necessary follow-up.
• You will support the management of third-party library and tool inventories, working with project managers to address obsolescence and vulnerability risks.
• Infrastructure Security
• You will work with the Infra team to configure security alerts for Defender in Azure Cloud and Trendmicro Vision One.
• You will review the implementation of Just-In-Time and Least Privileged Access controls for infrastructure administrator accounts, including work with CyberArk.
• You will assist in configuring and testing Web Application Firewall (WAF) rules and rate limiting controls, and coordinate with the CDN vendor to document and test DDoS management procedures.
• You will support subdomain housekeeping efforts and asset identification exercises to ensure full visibility of the agency's attack surface.
• You will assist in preparing for and responding to central IM8 audits, including readiness reviews across areas such as vulnerability management, incident response, and infrastructure hardening.
• Operational Technology (OT)Security

Requirements

• Experience in application security,infrastructure or cloud security, secure software development, or a relatedfield.
• Familiarity with common vulnerability classes(e.g. OWASP Top 10), penetration testing concepts, and secure SDLC practices isexpected. Hands-on knowledge of vulnerability management, system hardening, andsecurity monitoring is required.
• Familiarity with Azure cloud environments,Trend Micro Vision O

Additional Information

InfosecOfficer (Applications & Infrastructure) You will be part of theInfosecurity team, supporting the agency's efforts to strengthen the securityposture of its application portfolio, enterprise IT infrastructure, andOperational Technology (OT) systems. Working closely with application projectmanagers, development teams, infrastructure teams, and OT system owners, youwill help identify, track, and remediate security vulnerabilities across theagency's systems in both on-premises and cloud environments.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at SEDHA CONSULTING PTE. LTD.? Share your experience