Assistant Lead Engineer - Red Team (Risk & Control Assurance)

Company description:

Synapxe is the national HealthTech agency inspiring tomorrow's health. The nexus of HealthTech, we connect people and systems to power a healthier Singapore.

Together with partners, we create intelligent technological solutions to improve the health of millions of people every day, everywhere. Reimagine the future of health together with us at www.synapxe.sg

Job description:

• Plan and conduct adversarial attack simulation exercises and other security testing to test and validate the effectiveness of public healthcare's cyber defence and response plan against prevalent cyber threats.
• Lead security testing engagements and assist other team members in carrying out adversarial attack simulation exercises and security testing engagements.
• Conduct purple teaming exercises in collaboration with blue teams such as SOC, IR, infra, and other security teams.
• Conduct security testing on new products that could be used in public healthcare.
• Keep up-to-date with the latest TTPs used by APT actors.
• Research, modify, and test exploits for preparation of adversarial attack simulation exercises and other security testing.
• Review the risk of technical reports conducted by the team or third parties to determine severity of findings and recommend mitigating controls.
• Document all research and testing results and conduct regular knowledge sharing sessions with the team.
• Manage and expand the attack infrastructure and testing environment.

• At least a Bachelor's degree in cybersecurity, IT, computer science, engineering, or equivalent.
• 5 or more years of cybersecurity experience, including at least 4 years in penetration testing and/or adversarial attack simulation exercises.
• Experience in setting and managing attack and testing infrastructure in both cloud and on-premises environments.
• Experience in developing and modifying exploit codes or testing tools, with good knowledge of programming and scripting languages such as C/C++, C#, Java, Python. Reverse engineering experience is advantageous.
• Experience in security solution architecting and implementing AI in adversarial attack simulation exercises or security testing is advantageous.
• Strong interpersonal skills with the ability to communicate with internal and external stakeholders, including explaining technical concepts to non-technical audiences.
• Ability to work independently with minimal supervision and as a good team player.
• Possess a 'can-do' attitude and 'think out of the box' mindset.
• Familiarity with the cyber kill chain methodology, MITRE ATT&CK Framework, NIST Cybersecurity Framework (CSF), etc.
• Relevant professional cybersecurity certifications such as OSCP, SANS GIAC, CISSP, etc., are advantageous.

Apply now. Note: It only takes a few minutes to apply for a meaningful career in HealthTech - GO FOR IT!

#LI-SYNX13

The Synapxe Red Teaming simulates real-world cyber attacks and conducts advanced security testing to strengthen our public healthcare cybersecurity posture.

As a member of Synapxe Red Teaming, you will carry out adversarial attack simulation exercises (red and purple teaming) and proactive offensive security testing on IT assets in public healthcare, simulating TTPs used by real-world APT actors.

You will research new TTPs of APT actors and develop new attack methods, including developing and modifying exploits for red and purple teaming exercises and other security testing engagements.