Lead Cybersecurity Specialist (Offensive Security)

Responsibilities

• Security Testing
• Governance & Standardisation
• Establish Standards: Define and maintain the -wide framework
• for security testing (Vulnerability Assessment and Penetration Testing - VAPT).
• SOP Development: Create and roll out Standard Operating
• Procedures (SOPs) to guide project teams on engaging external security vendors
• and managing internal testing cycles.
• Quality Assurance: Develop "Quality Rubrics" to
• help agencies evaluate the performance of pen-testers. You will conduct
• periodic sampling of testing reports and project involvements to ensure quality
• and rigour across the Company.
• Advanced Technical Operations
• Red Teaming & Critical Testing: Lead and execute complex
• Red Teaming exercises and deep-dive penetration tests on the 's high-impact
• systems.
• Adversary Simulation: Utilise knowledge of the latest
• Adversary Tactics, Techniques, and Procedures (TTPs) to simulate real-world
• attacks, helping agencies identify blind spots in their prevention, detection
• and response capabilities.
• Environmental Scanning: Proactively monitor the global threat
• landscape to identify emerging threats and evolving actor TTPs. Assess how
• these changes impact the 's current security posture and update testing
• standards accordingly.
• Secure-by-Design & Source Code Excellence
• Secure Coding Standards: Establish -wide secure coding
• guidelines (e.g., based on OWASP, SANS) to ensure developers build security
• into the application layer from day one.
• Source Code Analysis: Lead the strategy for Static
• Application Security Testing (SAST) and Software Composition Analysis (SCA).
• You will evaluate tools that automate the detection of vulnerabilities in
• source code and third-party libraries.
• CI/CD Integration: Evaluate, recommend, and provide guidance
• on integrating security tools into the agencies' DevOps pipelines (DevSecOps).
• Code Quality Oversight: Review and recommend systems that
• help to boost code quality, ensuring that security is treated as a core
• component of "clean code."
• Technology Foresight: Stay abreast of technology changes
• (e.g., Cloud-native security, AI-driven development) and recommend
• systems/technologies that enhance code quality and resilience.
• Stakeholder Engagement & Advocacy
• Consultative Leadership: Act as a trusted advisor to CIOs,
• ACISOs, and Project Owners to educate them and inculcate a culture of
• secure-by-design.
• Community of Practice: Establish a platform for knowledge
• sharing among security practitioners within the Family to harmonise security
• testing efforts.

Requirements

• Years of Experience: 8 to 10 years of deep technical
• experience in Cybersecurity, with a strong focus on offensive security and
• application security.
• Domain Expertise: Proven track record in conducting
• penetration tests for Web Applications, IT Systems (on-premises and cloud
• environments), and complex Network architectures.
• Code Review Mastery: Experience in performing manual and
• automated source code reviews to identify logic flaws, injection
• vulnerabilities, and cryptographic weaknesses.
• Technical Skills
• Secure Development: Deep understanding of secure software
• development lifecycles (SSDLC) and the ability to read/analyze common
• programming languages (e.g., Java, Python, .NET, JavaScript).
• Source Code Analysis Tools: Proficiency with enterprise-grade
• SAST, DAST, SCA and VAPT tools (e.g., Checkmarx, Fortify, SonarQube, Snyk, Burp
• Suite).
• Offensive Security: Proficiency in manual and automated
• testing tools; deep understanding of the MITRE ATT&CK framework and common
• TTPs.
• Cloud & DevOps: Experience with Government Commercial
• Cloud (GCC) environments and practical knowledge of Jenkins, GitLab CI, or
• GitHub Actions.
• Certifications: Professional certifications such as OSCP,
• OSWE (Offensive Security Web Expert), CASE (Certified Application Security
• Engineer), or GWEB are highly desirable.
• Soft Skills
• Influence & Diplomacy: Ability to communicate complex
• technical risks to non-technical stakeholders (CIOs/Project Owners) and
• influence change without direct reporting lines.
• Analytical Mindset: Ability to spot patterns in
• "bad" testing jobs or recurring code vulnerabilities and provide
• constructive feedback to improve Company-level performanc

Additional Information

Our Client is an established company in Singapore, who is seeking to recruit a Lead Cybersecurity Specialist (Offensive Security). Lead Cybersecurity Specialist (Offensive Security) As the Cybersecurity Specialist (Offensive Security) within the CISO Office, you will be the domain expert responsible for elevating the security testing and "Secure-by-Design" capabilities across the entire Family. You will bridge the gap between high-level governance and technical implementation, ensuring that all agencies under the 's purview adopt consistent, high-quality security practices. Your role is pivotal in shifting from a reactive security posture to a proactive, resilient one. Key

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at JJ CONSULTING SERVICES? Share your experience