Cybersecurity Specialist

Company description:

Changi Airport Group (CAG) is the manager of Singapore Changi Airport, a leading air hub in Asia and one of the world's most awarded airports. As airport manager, CAG performs the key functions of airport operations, air hub development, retail and commercial activities, infrastructure development and airport emergency services. CAG also manages Seletar Airport, and through its subsidiary, Changi Airports International, it takes Changi's presence beyond Singapore's shores through consultancy projects and investments in foreign airports. Come join us today

Job description:

Do you want to help secure the airport systems, applications and infrastructure? Are you keen on cybersecurity technology and learning about new cyber threats? If yes, then you may be a good fit for a job as a Cybersecurity Specialist

About the Role:

Your role is essential for defending Changi's airport systems, infrastructure and digital assets from cyberattacks and data breaches. You will have various responsibilities, such as:

1. Finding and reducing vulnerabilities: To assess the cybersecurity aspects of the design proposals for different systems, applications and infrastructure. You will also source, manage and oversee the external service providers who will conduct annual vulnerability assessment and penetration testing to find and report any possible weaknesses that could be attacked by hackers and suggest potential remediation actions.
2. Applying security controls: Based on industrial best practices, security standards and guidelines (e.g. OWASP Top 10, NIST, CIS), recommend and apply suitable security measures for compliance and to address vulnerabilities shared by security threat intel, etc. Contribute to the development and maintenance of security policies, procedures, configurations and standards aligned with ISO 27001, suitable for implementation by project teams and contractors. Join in internal audits and reviews to ensure the efficiency of the ISMS or security controls.
3. Secure Development Practices: Integrate OWASP Top 10 recommendations throughout the software development lifecycle (SDLC), focusing on secure coding practices and secure design principles. Work with developers to identify and fix security vulnerabilities in applications.
4. Incident response and recovery: Help to review logs to detect malicious activity and data breach. You will be in charge of coordinating with contractors, security vendors and internal CAG teams to devise the strategy to isolate an incident, threat, identify the root cause, and implement mitigation or recovery procedures.
5. Keeping up with changing threats: The cybersecurity landscape is always evolving, so you will need to keep abreast of the latest threats, vulnerabilities, mitigation techniques, and new technologies. This may involve attending training courses, reading industry publications, and participating in conferences.
6. Working with others: You will work closely with security professionals, and governance team to educate colleagues on security best practices and raising awareness of potential threats.

Qualifications:

• Good degree in Information Systems/Technology, Computer Engineering, Computer Science, Information and Communications Technology (ICT) or related field.
• Preferably candidates with CISSP, CISA, CISM, CompTIA Security+ or equivalent professional certifications.
• Preferably candidates with a solid knowledge of cybersecurity principles and best practices, and ideally have at least 5 years of relevant work experience managing contractors and designing cybersecurity solutions to meet guidelines and standards.
• Experience in preparing tender specifications for vulnerability assessment, penetration testing, and creating SOPs for security incident response.
• Proficiency in security tools, logs extraction methods and technologies.
• Has a curious mind to proactively detect potential cyber threats and develop measures to address them.
• Excellent analytical and problem-solving skills.
• Strong communication and collaboration skills.
• Ability to work independently and as part of a team.

We invite you to apply if you are an enthusiastic and security-aware individual with a passion for cybersecurity