Lead Cybersecurity Consultant (Cybersecurity Certification Centre)

To provide technical leadership and capability development across national cybersecurity certification and labelling schemes (NITES, Common Criteria, Cybersecurity Labelling Scheme), while mentoring the team in advanced penetration testing methodologies, conducting critical technical assessments on emerging technologies, and serving as the Lead Technical Assessor for Enterprise Singapore's ISO/IEC 17025 Accreditation Programme to strengthen Singapore's Testing Inspection and Certification (TIC) Cyber ecosystem and maintain international standards of technical competency across approved testing laboratories.

• Technical Capability Development - Develop and implement technical competency frameworks defining security evaluation standards across diverse product categories including enterprise systems, consumer IoT devices, and medical equipment - Provide technical mentorship and build team’s expertise in advanced testing methodologies and security assessment approaches for specialised domains including cryptographic implementations, network security solutions, IoT ecosystems, and medical device cybersecurity - Drive research and development initiatives to identify real-world technical gaps, create innovative attack techniques and methodologies, set research directions, and collaborate with academia to ensure research outcomes are translatable into practical applications - Build solutions for in-house use including tools for processing applications, AI-enabled testing tools, and automation systems to enhance evaluation efficiency and capabilities - Conduct cutting-edge research into advanced attack vectors and techniques suitable for high-assurance security evaluations
• Advanced Security Testing and Evaluation - Provide technical leadership for complex evaluation projects across schemes - Conduct advanced penetration testing and vulnerability assessments - Apply newly developed attack techniques to complex evaluation projects - Provide Approved Testing Laboratories with technical guidance on complex evaluations - Validate the effectiveness of security controls against state-of-the-art attacks - Develop custom testing approaches for novel product categories and emerging technologies, including conducting rapid technical assessments for emerging payment systems, fintech solutions, and digital services (such as Palm Pay and similar technologies)
• Emerging Technology Assessment and Scheme Development - Conduct technical assessments of emerging technologies for cybersecurity implications - Research and analyse security requirements for new product categories/emerging technologies (such as AI/ML, quantum computing, 5G/6G, autonomous systems) - Translate technical findings into practical scheme requirements - Provide technical input for international standards development and mutual recognition arrangements - Lead Singapore's initiative to harmonise cybersecurity requirements for Common Criteria evaluators and certifiers internationally - Develop partnerships with academic institutions and industry for cybersecurity research - Survey technological landscape and provide recommendations on key opportunities for new schemes

• Minium 10 – 15 years in the field of cybersecurity with at least 10 years in security evaluation, penetration testing, or product security assessment
• Bachelor’s degree in Engineering, Computer Science, Information Systems, Mathematics, or relevant technical discipline
• Strong background in offensive security research, advanced penetration testing techniques, and security assessments of emerging technologies and novel systems
• Experience in conducting security assessments based on state-of-the-art security attack techniques
• Deep technical expertise in vulnerability analysis and penetration testing with proven ability to develop custom attack techniques, improvise published attacks, and conduct security assessments based on state-of-the-art security attack techniques
• Experience in developing custom tools, automation frameworks, or technical solutions for operational use
• Product security assessment or security evaluation experience (Common Criteria, or similar certification schemes preferred but not required)
• Good mentoring and knowledge transfer abilities
• Strong communication skills for technical and non-technical audiences
• Ability to work under pressure
• Creative problem-solving and ability to think outside conventional approaches
• Team player with strong collaborative skills who is also able to work independently and take initiative on complex technical projects
• Applicant with Certified Ethical Hacker (CEH), Licensed Penetration Tester Master (LPT) Certification, Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN) Certification, GIAC Exploit Researcher and Advanced Penetration Tester (GXPN) Certification, CompTIA PenTest+ etc would be a plus
• If you share our passion to make a difference in the cybersecurity ecosystem, take up the challenge and apply now. All applicants will be notified on whether they are shortlisted or not within 4 weeks of the closing date of this job posting. For any issues with the application, you may drop your resume with us at csa_recruit@csa.gov.sg.

About the Cyber Security Agency of Singapore Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cyber security awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg