Cybersecurity Principal/Lead Engineer — TradeNet CII

About GovTech

The Government Technology Agency (GovTech) transforms the delivery of Government digital services by taking an "outside-in" view, putting citizens and businesses at the heart of everything we do. We build the Smart Nation infrastructure and the platforms the public sector runs on, and we partner agencies to engineer trustworthy, resilient digital services at national scale.

What is this role?

TradeNet is Singapore's national single-window trade platform and a legislated Critical Information Infrastructure (CII). Its availability and integrity underpin national trade continuity; disruption is an economic event, not a system outage.

We are seeking a Cybersecurity Principal/Lead Engineer to be the technical design authority for the modernised TradeNet CII rebuild, focusing on architecture security and resilience.

This is an architect-and-build mandate, not an assurance or operations role. As a first-line engineering role, you will:

1. Design and embed security and resilience controls into the platform starting from the architecture and down to the implementation details.
2. Decide what is inherited from the GovTech security tech stack versus built and owned by the product team.
3. Design the defensive terrain jointly with the Singapore Customs Agency CISO (ACISO) so that the agency can defensibly discharge its CII regulatory accountability to Cyber Security Agency (CSA).

You will be measured on the delivery of TradeNet CII that is secure and resilient by design and construction — not on the volume of findings triaged or evidence produced after the fact.

Impact and outcomes

You will be successful when:

• TradeNet's security architecture is conformant with CSA CCoP v2 and WOG IM8 by design, not by downstream remediation, and the conformance basis is clearly documented and defensible to CSA.
• The Customs ACISO can stand behind a coherent, evidenced security and resilience architecture for the CII without reconstructing it from operational artefacts.
• The platform has an engineered national trade-continuity posture — recoverability, degraded-mode operation, and containment of blast radius are designed properties, not aspirations.
• The boundary between controls inherited from the GovTech security tech stack and controls owned by the TradeNet product is explicit, maintained, and used to scope CII audit and attestation.
• Security control intent is expressed as code and continuously monitored, reducing reliance on point-in-time attestation.

What you will be working on

Secure and resilient architecture (core mandate)

• Own the reference security architecture for the TradeNet CII: trust boundaries, identity architecture, segmentation and trust-zone strategy, east-west controls, encryption and key management, and blast-radius containment for the CII boundary.
• Embed secure-by-design controls by working inside product and engineering teams through the delivery lifecycle — at design, solutioning and implementation time, not as post-build validation.
• Maintain a living threat model per system and trust boundary, referenced to MITRE ATT&CK and to relevant adversary classes (including supply-chain and nation-state), and use it to drive architecture and segmentation decisions — not merely to prioritise remediation.

Resilience and national trade continuity

• Engineer the platform's recoverability and graceful degradation: degraded-mode operation, recovery objectives appropriate to a national single-window, and containment design that preserves trade continuity under attack.
• Map and treat dependency and concentration risk across the TradeNet ecosystem (traders, brokers, ports, and partner agencies), including third-party and supply-chain integration risk.
• Design for, and participate in, CSA-mandated cyber resilience exercising for the CII, feeding findings back into the architecture.

Defensive terrain (with the Customs ACISO)

• Partner the Customs ACISO as the technical design authority enabling the agency to discharge CII accountability to CSA: design the Customs digital terrain and CII boundary with multi-layered defence, and translate regulatory obligation into architecture rather than into compliance tasks.
• Co-develop the defensible architecture and resilience narrative the ACISO relies on for CSA engagement, audits, and CII regulatory submissions.

Platform leverage and control inheritance

• Determine and document what the CII inherits from the GovTech security tech stack (e.g. GCC, central SOC/monitoring, ShipHats pipeline guardrails, IM8 baseline controls) versus what the TradeNet product team must build and own.
• Maintain the shared-responsibility delineation as an architectural artefact that also scopes CII audit boundaries, so inherited controls are not re-attested.

Continuous assurance and secure delivery

• Express security control intent as code: pipeline guardrails, policy-as-code, and continuous control monitoring designed into the platform so conformance is observable continuously rather than reconstructed for audits.
• Champion secure SDLC and agile security practice within the delivery cadence, embedded in engineering teams rather than gating them.

Transitional / Day-2 scope (explicitly secondary)

The following are transitional and not the primary remit. Operational validation of the CLE's own designs sits with an independent assurance line to preserve control independence; the CLE provides engineering guidance, not self-validation:

• Advisory and incident-response engineering support in coordination with SIRO, ACISO, and GCSOC.
• Scoping and engineering guidance for external VAPT and vulnerability assessment, with closure validation performed independently.

What we are looking for

• 10+ years in Cybersecurity as a Software Engineer and not just in the capacity of auditing, pen-testing, operational triage, etc….
• Demonstrated experience with designing security architecture into regulated / critical systems and platforms at the national or whole enterprise level, not just providing testing and assurance but actually designing and implementing.
• Working command of Singapore regulatory frameworks for critical systems: CSA CCoP v2 for CII and WOG IM8 (Reform), with the ability to translate obligation into architecture and to delineate control inheritance for audit scoping.
• Strong systems thinking: able to reason about a national platform as an interdependent whole — boundaries, failure modes, recoverability, and concentration risk — not as a checklist of controls.
• Depth across cloud and platform security architecture (IaaS/PaaS/SaaS), identity, encryption and key management, segmentation and zero-trust patterns, and secure SDLC / policy-as-code.
• Fluency with architectural and adversary frameworks (MITRE ATT&CK, NIST, ISO 27001, CIS benchmarks) used to drive design decisions.
• Ability to operate as a technical design authority alongside a CISO, clearly within the first line, and to produce architecture that withstands regulatory and audit scrutiny.
• Proficiency in at least one scripting/automation language (e.g. Python, TypeScript, Shell/Bash, etc…) for policy-as-code and tooling.
• Preferably proficient in both Kotlin/JVM stack and TypeScript.
• Architecture-leaning certifications are advantageous (e.g. CISSP / CISSP-ISSAP, SABSA, cloud security architecture). Incident-response and offensive certifications are useful but not the primary signal for this role.
• Subject to personnel security clearance / CII vetting appropriate to access to a national CII.
• Subject to the nature of the role, onsite presence during fixed hours may be required.

How this role sits in our assurance model

This is a first-line engineering role. The Customs ACISO holds CII risk accountability; an independent assurance function validates and attests. The CLE provides the engineering and architectural substance both rely on, and does not validate or attest to the controls it designs. This separation is deliberate and protects the integrity of the CII assurance chain.

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks. These include leave benefits to meet your work-life needs and employee wellness programmes.

We champion flexible work arrangements (subject to your job role) and trust that you will manage your own time to deliver your best, wherever you are, and whatever works best for you.

Learn more about life inside GovTech at go.gov.sg/GovTechCareers.

Stay connected with us on social media at go.gov.sg/ConnectWithGovTech