Crowdsourced Vulnerability Discovery Programme Operations Manager

[What the role is]

GovTech is the lead agency driving Singapore’s Smart Nation initiatives and public sector digital transformation.

As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), GovTech develops the Singapore Government’s capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity.

At GovTech, we offer you a purposeful career to make lives better where we empower our people to master their craft through robust learning and development opportunities all year round.

Play a part in Singapore’s vision to build a Smart Nation and embark on your meaningful journey to build tech for public good.

Join us to advance our mission and shape your future with us today!

Learn more about GovTech at tech.gov.sg.

[What you will be working on]

Do you want to play a critical role in securing our smart nation initiatives by uncovering weaknesses in various domains of cybersecurity programs even before the real threat actors come to play?

And are you up to race against the real threat actors before organisations are compromised?

We seek an experienced cybersecurity professional to lead our Crowdsourced Vulnerability Discovery Programme (CVDP) triage team.

The role encompasses managing daily operations, leading a team of triage specialists, and ensuring effective handling of vulnerability reports across government systems for the Government Bug Bounty Programme (GBBP), Vulnerability Disclosure Programme (VDP), and Vulnerability Rewards Programme (VRP) for Whole-of-Government (WoG).

Key Responsibilities

Team Leadership & Operations

• Lead and mentor a team of CVD triage specialists, providing technical guidance and ensuring optimal performance in vulnerability assessment and management

• Operational planning of day-to-day tasks and development of the team's technical capabilities and soft skills

• Foster a supportive and collaborative team environment with strong commitment to mentoring team members

Programme Management

• Lead the conduct of 6 runs of GBBP and Pre-GBBP per year

• Lead continuous VDP and VRP operations

• Lead the CVD team in performing technical and impact analysis of reported vulnerabilities for GBBP, VDP and VRP

• Lead the CVD team in performing in-depth testing on agencies' patches for all CVD programmes

Technical & Strategic Functions

• Prepare and present materials for bounty approval

• Develop and deliver presentations on notable vulnerabilities identified through programmes for cross-team sharing, SLM sharing, or forums

• Conduct technical sharing of vulnerabilities arising from the programmes to internal and external stakeholders

• Perform analysis on data and payloads of reports to derive insights, statistics, and trends to advise various stakeholders

• Devise global solutions for recurring vulnerabilities

Process & Documentation

• Review and maintain standard operating procedures (SOPs) for the vulnerability triage process

• Continuously improve existing processes and SOPs

• Develop comprehensive documentation for triage processes

• Prepare regular vulnerability trends and operational metrics reports

Stakeholder Management

• Interface with agencies for clarification

• Manage stakeholder relationships across government agencies, system owners, and security researchers

• Provide technical support to the Programme Team

• Oversee integration and maintenance of key platforms

[What we are looking for]

• Degree in Cybersecurity, Computer Science, Information Systems, Computer Engineering, Information Security, or related technical field

• OSCP certification (mandatory)

• Minimum 3-5 years' experience in cybersecurity, penetration testing, or web penetration testing

• At least 2 years' team leadership or management experience

• Technical experience in performing web penetration testing or similar skills

• Understanding of basic cybersecurity principles and concepts

• Must have legal authorisation to work in Singapore

Advantageous Qualifications

• Professional certifications ( OSWE, GPEN, CISSP)

• Experience with bug bounty programmes or vulnerability coordination

• Previous experience with government systems

• Background in technical team leadership

Required Skills

• Comprehensive understanding of web application security and vulnerability assessment

• Experience with vulnerability management platforms and bug tracking systems

• Excellent project management and team leadership abilities

• Strong analytical and problem-solving capabilities

• Outstanding communication and stakeholder management skills

• Good command of English (oral and written)

• Ability to perform under pressure and manage critical incidents

• Positive attitude and collaborative leadership style

• Demonstrated ability to foster a supportive and collaborative team environment

• Strong commitment to mentoring team members and promoting mutual support within the team
   

GovTech is an equal opportunity employer committed to fostering an inclusive workplace that values diverse voices and perspectives, as we believe that diversity is the foundation to innovation. 

 

Our employee benefits are based on a total rewards approach, offering a holistic and market-competitive suite of perks.

These include leave benefits to meet your work-life needs and employee wellness programmes. 

  

We champion flexible work arrangements (subject to your job role) and trust that you will manage your own time to deliver your best, wherever you are, and whatever works best for you. 

 

Learn more about life inside GovTech at go.gov.sg/GovTechCareers.

 

Stay connected with us on social media at go.gov.sg/ConnectWithGovTech.