IT Security Officer (ITSO) - Application Security - A26190

Activate Interactive Pte Ltd (“Activate”) is a leading technology consultancy headquartered in Singapore with a presence in Malaysia and Indonesia. Our clients are empowered with quality, cost-effective, and impactful end-to-end application development, like mobile and web applications, and cloud technology that remove technology roadblocks and increase their business efficiency.

We believe in positively impacting the lives of people around us and the environment we live in through the use of technology. Hence, we are committed to providing a conducive environment for all employees to realize their full potential, who in turn have the opportunity to continuously drive innovation.

We are searching for our next team members to join our growing team.

If you love the idea of being part of a growing company with exciting prospects in mobile and web technologies that create positive impact on people’s lives, then we would love to hear from you.

This is a 12 months fixed term contract role.

What will you do?

• Develop and maintain IT security policies and action plans, reviewing them at least annually or as required by the Customer.
• Evaluate and recommend IT security products and solutions for implementation within the Customer's IT infrastructure.
• Implement and manage risk assessment methodologies, ensuring compliance with relevant service management requirements and industry standards.
• Develop and implement security management frameworks and governance structures as specified by the Customer.
• Establish and manage IT Security Incident Management processes, including detection, response, and handling of security incidents according to Customer guidelines.
• Collaborate with external partners and suppliers to resolve IT security incidents effectively.
• Participate in and contribute to industry-wide IT security incident response simulations and technical assessment exercises.
• Conduct forensic investigations when required, including secure disk image acquisition and analysis within specified timeframes.
• Monitor, analyze, and report on emerging security threats, vulnerabilities, and solutions relevant to the Customer's IT infrastructure.
• Conduct regular meetings with key stakeholders to highlight security issues and propose improvements to the Customer's IT infrastructure.
• Liaise and coordinate with external suppliers, security organizations, and the Government on IT security matters related to the Customer's infrastructure.
• Perform additional activities as necessary to secure the Customer's IT infrastructure.
• Review and follow up on security reports generated from central security tools, providing timely updates to the Customer.
• Manage the inventory of IT assets to be monitored by central security tools, ensuring compliance and proper onboarding of servers, networks, and databases.

• At least 4 years combined work experience in software development, application security and cloud computing (e.g. AWS)
• Familiar with mobile and web application programming interfaces (API) architecture (e.g. REST, SOAP, SSL/TLS)
• Experience in threat modelling and able to establish threat profiles for application projects to identify, quantify and remediate application security risks
• Strong knowledge of security best practices such as OWASP Top 10, OWASP application security verification standard
• Familiar with Agile Development process, CI/CD, DevOps concepts, tools (Gitlab, Github, Ansible etc) and how automated security testing can be incorporated into CI/CI pipelines
• Experience on using SAST code scanning tools such as Fortify-on-Demand, Sonarqube, etc
• Track and address security vulnerabilities with timely remediation and patching processes.
• Conduct security awareness training sessions
• Good verbal/written communications, collaboration skills and experience interacting with various stakeholders
• Strong analytical, problem-solving and troubleshooting skills, ability to work independently
• Relevant certifications preferred (e.g. CISSP, OSCP, AWS security, AWS DevOps Engineer or equivalent etc.)
• Experience in working with Government Commercial Cloud (GCC) preferred

What do we offer in return?

• Fun working environment
• Employee Wellness Program
• To work in Singapore Government Agencies projects
• We provide structured development framework and growth opportunities. (We are a “SHRI 2025 Gold winner” in “Learning & Development; Coaching & Mentoring”)

Why you'll love working with us?

If you are looking for opportunities to collaborate with leading industry experts and be surrounded by highly motivated and talented peers, we welcome you to join us. We provide all employees with equal opportunities to grow and develop with us. We believe your success is our success.

Does it sound like something you are interested in exploring further? Please be in touch with our team for an initial chat at careers@activate.sg

Activate Interactive Singapore is an equal opportunity employer. Employment decisions will be based on merit, qualifications and abilities. Activate Interactive Pte Ltd does not discriminate in employment opportunities or practices on the basis of race, color, religion, gender, sexuality, national origin, age, disability, marital status or any other characteristics protected by law.

Protecting your privacy and the security of your data are longstanding top priorities for Activate Interactive Pte Ltd.

Your personal data will be processed for the purposes of managing Activate Interactive Pte Ltd’s recruitment related activities, which include setting up and conducting interviews and tests for applicants, evaluating and assessing the results, and as is otherwise needed in the recruitment and hiring processes.

Please consult our Privacy Notice (https://www.activate.sg/privacy-policy) to know more about how we collect, use, and transfer the personal data of our candidates. Here you can find how you can request for access, correction and/or withdrawal of your Personal Data.