Cybersecurity Engineer (Public Healthcare)

• 1-year contract, renewable
• Government project
• Hybrid work arrangement

We are seeking an experienced Security Engineer to support and strengthen the cybersecurity posture of a growing digital technology environment. This role will be responsible for implementing and managing security controls across endpoints, cloud infrastructure, networks, and application development pipelines to ensure operational resilience, regulatory compliance, and secure product delivery.

The successful candidate will work closely with infrastructure, engineering, and operations teams to enhance security monitoring, improve DevSecOps practices, and support ongoing cybersecurity initiatives within a regulated environment.

Key Responsibilities

Endpoint & Device Security

• Implement and manage endpoint security technologies including EDR solutions, endpoint hardening, full-disk encryption, and endpoint monitoring across enterprise devices.
• Administer Mobile Device Management (MDM) and Data Loss Prevention (DLP) solutions to enforce compliance policies and prevent unauthorised data exfiltration.
• Support ongoing tuning and optimisation of endpoint and network security controls to address evolving threats.

Network & Infrastructure Security

• Deploy and maintain network security technologies including Next-Generation Firewalls (NGFW), Web Application Firewalls (WAF), and Intrusion Prevention Systems (IPS).
• Monitor, manage, and improve security controls across network and infrastructure environments.
• Support security operations and contribute to improving detection and response capabilities.

Cloud Security

• Implement and manage cloud security controls within AWS environments, including IAM, centralised logging, security monitoring, and threat detection services.
• Manage and optimise services such as GuardDuty, Security Hub, and CloudTrail.
• Identify and remediate cloud misconfigurations to ensure alignment with security best practices and compliance requirements.

DevSecOps & Application Security

• Integrate security into the Secure Software Development Lifecycle (SSDLC) and CI/CD pipelines.
• Implement and manage application security tools including SAST, DAST, dependency scanning, and container security controls.
• Conduct application security reviews and vulnerability assessments aligned with OWASP Top 10 and secure coding standards.
• Work closely with engineering teams to prioritise, track, and remediate security findings.

Security Operations & Incident Response

• Monitor and triage security alerts across endpoint, network, cloud, and application layers.
• Investigate security incidents and support response, containment, and remediation activities.
• Improve operational playbooks, monitoring processes, and detection workflows to reduce response times.

Automation, Compliance & Documentation

• Develop and maintain automation scripts using Python, Bash, or similar technologies to improve monitoring, reporting, and operational efficiency.
• Maintain security documentation and support audit readiness.
• Ensure systems and controls align with organisational cybersecurity policies and regulatory requirements including PDPA and industry security frameworks.

Requirements

• Around 6–7 years of hands-on cybersecurity experience.
• Strong background in security engineering, security operations, cloud security, or related domains.
• Experience implementing and managing endpoint, network, and cloud security technologies.
• Hands-on experience with AWS security services and cloud security best practices.
• Familiarity with DevSecOps practices, CI/CD security integration, and application security tooling.
• Understanding of OWASP Top 10, secure coding principles, and vulnerability management.
• Experience with scripting or automation using Python, Bash, or similar languages.
• Strong analytical, troubleshooting, and incident response skills.
• Excellent communication and stakeholder management abilities.

Preferred Skills

• Experience working in regulated or enterprise environments.
• Familiarity with cybersecurity compliance frameworks and audit requirements.
• Experience supporting cloud-native applications and container security.
• Relevant certifications such as CISSP, CEH, Security+, AWS Security Specialty, or equivalent will be advantageous.