Infosec Officer Applications & Infrastructure

  • Full-Time
  • On-Site

Job Description:

About the Role

You will be part of the Infosecurity team, supporting the agency's efforts to strengthen the security posture of its application portfolio, enterprise IT infrastructure, and Operational Technology (OT)systems.
Working closely with application project managers, development teams, infrastructure teams, 
and OT system owners, you will help identify, track, and remediate security vulnerabilities across the agency's systems in both on-premises and cloud environments.

Key Responsibilities

Application Security- Review and support preparation of System Security Plans (SSPs) and ensure compliance.- Manage and track application vulnerabilities from tools such as GovTech VMS and Cloudscape.- Coordinate Vulnerability Assessments (VA), Penetration Tests (PT), and Source Code Reviews.- Advise and review security quality gates (SAST, DAST, third-party checks).- Facilitate Threat Modelling exercises and support Bug Bounty onboarding.- Manage third-party library and tool inventories.

Infrastructure Security- Configure and monitor security alerts for Azure Defender and Trend Micro Vision One.- Track infrastructure vulnerabilities and ensure patching within IM8 timelines.- Support hardening of GCC 2.0 cloud environment and remediate security gaps.- Configure EDR solutions and support log forwarding to GCSOC.- Implement Just-In-Time and Least Privilege access controls.- Assist with WAF rules, DDoS management, and subdomain/asset inventory.- Support IM8 audit readiness across infrastructure domains.

Operational Technology (OT) Security- Assess OT systems against IM8 and GovTech OT Security Playbook.- Identify gaps and develop remediation plans.- Track progress and escalate risks for unresolved gaps.

Requirements

Experience in application, infrastructure, or cloud security.- Knowledge of OWASP Top 10, penetration testing, and secure SDLC.- Hands-on experience with vulnerability management and system hardening.

- Familiarity with Azure, Trend Micro, endpoint security, and networking.- Experience with CI/CD security tools is advantageous.- Exposure to OT security is beneficial.- Strong stakeholder management skills.- Knowledge of IM8 policies and GCC 2.0 required.

What We Offer

- Work on impactful government digital platforms.- Continuous learning and professional development opportunities.- Collaborative, mission-driven environment.- Flexible work arrangements where applicable