Security Engineer / Senior Security Engineer

Who we are

Open Government Products is an in-house team of engineers, designers, and product managers who build technology for the public good. We proactively identify areas where technology can help, test our prototypes with actual users, and bring our best ones to launch. This includes everything from building better frontend applications for citizens, to automating the internal operations of public agencies. We use and release open source software, keep a flat hierarchy, and bypass bureaucracy to focus on delivery. We work on real problems, build for the user, and push for change.

Projects we have worked on include:
Covid-19 Vaccination National Appointment System - A suite of systems built to enable Singapore's national vaccination campaign for Covid-19. This includes informational sites, appointment booking systems, and records management systems.

Data.gov.sg - An open repository of all the Singapore Government's public data. It helps people understand the data using visualizations and articles, and provides real-time APIs for developers to use.

Parking.sg - A mobile app alternative to parking coupons. It lets users pay, extend, and refund their parking sessions just using their phones.

FormSG - A form builder tool for agencies to self-service and create online forms that capture classified data, with the goal of replacing paper forms.

Isomer - Isomer provides government agencies with an easy-to-deploy static website building and hosting service to create usable, secure and faster informational websites quickly.

RedeemSG - RedeemSG helps the Singapore Government to create, send and track redemptions of digital vouchers easily.

PaySG - PaySG was developed to enable digital payments for government services, and was initially used for payments for COVID-19 swab tests and Stay-Home Notices for incoming travellers to Singapore.

An overview of other OGP products can be found on our website https://open.gov.sg

What does a Security Engineer do?

As a security engineer, you will:

• Build tools to improve organisation and application security

• Design secure-by-default application components

• Perform security reviews of application code and architecture

• Deploy breach detection and incident response frameworks

Because our team focuses on pushing new initiatives, you will also have to:

• Identify security gaps and potential solutions

• Design novel systems that work around bureaucratic constraints

• Advocate and explain these technical ideas to the rest of the organisation

Strong software engineering skills preferred! You're not just here to find security issues, but also to figure out how we can solve them at scale.

Your job will be to bring security expertise and capability to the public sector. Sometimes this means building new systems from scratch. Other times this means using the best solutions the security community has to offer. We use cloud services, open source software, and commodity hardware as far as possible. These often include, but are not limited to: GitHub, AWS, Pulumi, DataDog, Okta, and Semgrep amongst others. Knowing what to build and what to reuse lets us avoid wasting time on solved problems and focus on delivering actual value.

You will work on meaningful projects that solve security problems that protect citizen data and enable secure delivery of digital services. You will have direct ownership of your work with over 70% of our projects starting as ground up initiatives. Rather than work on commercial ventures commonly found in the startup scene, we're here to improve how we live as a society through what we can offer as a government.

What it is like working here

Rapid Prototyping - Instead of spending too much time debating ideas we prefer testing them. This identifies potential problems quickly, and more importantly, conveys what is possible to others easily.

Ownership - In addition to technical responsibilities, this means having opinions on what is being done and having ideas on what should be done next. Building something that you believe in is the best way to build something good.

Continuous Learning - Working on new ideas often means not fully understanding what you are working on. Taking time to learn new architectures, frameworks, technologies, and even languages is not just encouraged but essential

Who we are looking for

We work mostly in Typescript. However, we don’t require experience in any specific programming language or technology. Core competency in at least one language and the ability to learn is what matters to us.

We look for people who:

Have a demonstrated ability to build software - Prior work and personal projects count for much more than specific degrees. Security-related projects are a plus.

Design practical solutions to solve security problems - Clear thinking, scalability, and understanding the limits of an approach matter much more than getting the “correct” answer.

Talk and reason about security issues with other engineers - We work as a team and don’t work by top-down mandates, so you need to be able to not just solve security problems, but have other people understand and embrace your solutions.

Take initiative to make things happen - Our job is to push for change in government, so we need to challenge the status quo and not wait for instruction.

Want to work for the public good - We are public servants, we serve the public. This sometimes means ignoring political pressures and misguided policies. We need people who will push back if something is not in the public interest.

Overall we look for people who have ability, initiative, good communication, and strong values.