Information Technology - Cyber Security Analyst

Job Description

You will be a member of the Group Information Security Team responsible for ensuring that IT solutions are developed and designed with security inbuilt.

Key Responsibilities

1. Provide security consultancy, technical guidance, expertise, solutions, and education for the enterprise.
2. Advise IT application and infrastructure teams on application and infrastructure security design that is relevant and fit for purpose.
3. Align security architecture frameworks and standards with business strategies and functions. Maintain Cyber risk management framework and perform assessment of applications for emerging areas like cloud security, machine learning etc.
4. Advise and review application security design to detect potential security issues and for each issue, propose and drive remediation tasks. Develop application security blueprints. Propose and/or develop training courses to advance developers’ security knowledge.
5. Advise and review security by design concepts in Cloud platforms such as GCP, AWS or Azure Cloud.
6. Advise and review the compliance of integrating security tools and processes into the DevOps pipelines.
7. Advise and review the adherence to security requirements for low code platforms.
8. Perform threat modeling on security-critical applications. Keep up to date on emerging security threats and vulnerabilities on new platforms adopted by the SIA Group. Define scope and review the results of security tests, reviews, and audits to ensure security assurance is achieved.
9. Manage individual project priorities, deadlines, and deliverables. Any relevant ad-hoc duties.
10. Review RFP proposal compliance with security requirements.
11. This is an individual contributor role. Strong communication skills are required.

Requirements

1. Degree in IT or related fields, with at least 7 years in information security, especially in the application security space.
2. Professional security certifications (CISSP, CSSLP, CEH, CCSP, etc.) preferred.
3. Technical proficiency in one or more of the following security areas: network design, zero trust, Internet of Things, cryptography, etc.
4. Strong in-depth working knowledge of secure application development techniques. Secure by Design. Secure source code review. Prior experience with any of the following tools: Static Application Security Testing (SAST), Dynamic Application Security (DAST), and Software Composition Analysis (SCA).
5. Strong understanding of Agile, DevSecOps, OWASP Top 10, and securing cloud platforms, such as AWS and GCP. Familiar with common web/mobile application vulnerabilities and technical knowledge to address and mitigate vulnerabilities.
6. Knowledge of cyber security threats, vulnerabilities, hacking, and exploit methods, etc. Any prior vulnerability management experience is preferred.
7. Strong understanding of technologies such as WAF, Anti Bot Protection.
8. Prior experience in application development and knowledge of the DevOps platform is desired.
9. Strong oral, written, presentation and interpersonal skills.
10. Possess a positive attitude with drive, initiative, enthusiasm, and a keen sense of urgency in resolving high-priority issues.
11. Able to work independently and in a team-oriented, collaborative environment.

We thank all candidates for your interest in Singapore Airlines, and regret that only shortlisted candidates will be notified.