Skip to content

Senior Security Engineer

  • On-site
    • Singapore, Central Singapore, Singapore
  • Software Engineering

Job description

Who we are

Open Government Products is an in-house team of engineers, designers, and product managers who build technology for the public good. We proactively identify areas where technology can help, test our prototypes with actual users, and bring our best ones to launch. This includes everything from building better frontend applications for citizens, to automating the internal operations of public agencies. We use and release open source software, keep a flat hierarchy, and bypass bureaucracy to focus on delivery. We work on real problems, build for the user, and push for change.

Projects we have worked on include:

Covid-19 Vaccination National Appointment System - A suite of systems built to enable Singapore's national vaccination campaign for Covid-19. This includes informational sites, appointment booking systems, and records management systems.

FormSG - A form builder tool for agencies to self-service and create online forms that capture classified data, with the goal of replacing paper forms.

Isomer - Isomer provides government agencies with an easy-to-deploy static website building and hosting service to create usable, secure and faster informational websites quickly.

An overview of other OGP products can be found on our website https://open.gov.sg

What does a Senior Security Engineer do?

If you can hack and build, this is the job for you!

The security engineering team supports OGP’s mission by solving real cybersecurity and application security problems. We develop guardrails and secure-by-default building blocks so that anyone can deliver secure products easily.

As a senior security engineer, you will:

  • Identify security gaps in the organisation and product teams and potential solutions that scale well.

  • Develop secure-by-design application and infrastructure components.

  • Build and deploy systems that automate detection, containment, and remediation of security failures.

  • Create distributed testing tools to measure security outcomes at OGP and across government.

Strong software engineering skills are preferred. You're not just here to identify security problems but also build the solutions.

We use cloud services, open source software, and commodity hardware as much as possible. These often include, but are not limited to: Typescript, GitHub, AWS, Pulumi, DataDog, Okta, and Semgrep. Knowing what to build and what to reuse lets us avoid wasting time on solved problems and focus on delivering actual value.

What it is like working here

Rapid Prototyping - Instead of spending too much time debating ideas we prefer testing them. This identifies potential problems quickly, and more importantly, conveys what is possible to others easily.

Ownership - In addition to technical responsibilities, this means having opinions on what is being done and having ideas on what should be done next. Building something that you believe in is the best way to build something good.

Continuous Learning - Working on new ideas often means not fully understanding what you are working on. Taking time to learn new architectures, frameworks, technologies, and even languages is not just encouraged but essential


Job requirements

Who we are looking for

We are look for security engineers who:

Demonstrated foundation in security - Prior work and personal projects count for much more than specific degrees. You can “think like an attacker” and identify vulnerabilities from code.

Design practical solutions to solve security problems - Clear thinking, scalability, and understanding the limits of an approach matter much more than getting the “correct” answer. Security-related projects are a plus.

Talk and reason about security issues with other engineers - We work as a team and don’t work by top-down mandates, so you need to be able to not just solve security problems, but have other people understand and embrace your solutions.

Take initiative to make things happen - Our job is to push for change in government, so we need to challenge the status quo and not wait for instruction.

Want to work for the public good - We are public servants, we serve the public. This sometimes means ignoring political pressures and misguided policies. We need people who will push back if something is not in the public interest.

Overall we look for people who have ability, initiative, good communication, and strong values.

or

Consent to Use and Disclosure of Personal Data

I hereby give my consent to Open Government Products, Government Technology Agency (“OGP”) to: Obtain and verify information from or with any source (including third parties) as may be deemed appropriate by OGP and/or any relevant Government agency for the purposes of assessing my application for employment and/or for recommendation to a third party for employment with or engagement by that third party (see below for more information). Share my personal data set out in this application form and any other personal data subsequently provided by me arising out of or in connection with my application for employment with other Government agencies or a third party vendor appointed by OGP for the purposes of recruitment and/or review of recruitment practices, and for such personal data to also be used as part of de-identified and aggregated data for reporting purposes.  

Additionally, where relevant, OGP may share my personal data set out in this application form and any other personal data subsequently provided by me to a third party for that third party to consider employing or otherwise engaging me to undertake work relevant to OGP. I understand and acknowledge that the collection, use and/or disclosure of such personal data may also be subject to that third party’s privacy terms. I declare that all the information given by me is true to the best of my knowledge and voluntarily given.   By clicking the 'Apply' button, I hereby certify that I have read and understood all of the clauses above and that I agree to all of them.