HT

IT Security Lead

Helius Technologies Pte. Ltd.

D01 Marina, Raffles Place, People's Park, CecilFull TimeS$6,500 – S$7,600/mo

Posted 9 Jul 2026

About this role

Job Requirements Role Overview The IT Security Lead will be responsible for end-to-end security governance, implementation, compliance, and operational security for mission-critical system operating in a secured environment. This role covers both: Day 1 Security (Build / Project Implementation) Day 2 Security (Operations / Production Support) The Security Lead will work closely with Infra, System, and Software teams, InfoSec stakeholders, and external auditors to ensure the system complies with government security policies and standards. Key Responsibilities Day 1 – Project / Implementation Security 1. Security Architecture & Design Define system security architecture aligned with Singapore Government security policies. Review application, middleware, infrastructure, and platform designs for security compliance. Conduct threat modelling and risk assessments; map risks to mitigating controls. Translate policy requirements into actionable technical controls across the stack. 2. Compliance & Governance Ensure compliance with: IM8 / Government security policies Whole‑of‑Government (WOG) security requirements PDPA (where applicable) Establish and oversee cyber security governance across infrastructure, application, and project teams. Prepare and maintain documentation for: Security Risk Assessment (SRA) Vulnerability Assessment (VA) Penetration Testing (PT) Security hardening baselines and reports 3. Secure Development Oversight Partner with software teams to enforce secure coding standards and DevSecOps practices. Integrate and govern SAST/DAST, dependency/SCA scanning, and container image scanning in CI/CD. Review and triage findings from tools (e.g., SonarQube, SCA, container scanners), drive remediation, and risk acceptance where needed. Provide guidance on API security, token/secret management, and secure service-to-service communication. 4. Security Testing & Certification Plan, coordinate, and manage VA/PT engagements and vendors. Track findings through remediation to closure; document residual risk and risk acceptance. Support all security clearances and go‑live certifications. 5. Security Hardening Review and approve: OS and baseline hardening Middleware hardening Database security configurations Kubernetes / container security (RBAC, network policies, admission controls, secrets, image provenance) API gateway / WAF / rate‑limiting / mTLS / OAuth2/OIDC configurations Day 2 – Operations / Production Security 1. Incident Management Lead security incident investigation, containment, and recovery. Perform root cause analysis (RCA) and define corrective/preventive actions. Coordinate with Gov SOC and stakeholders; contribute to and refine playbooks. Provide clear, timely communications to both technical and non-technical audiences. 2. Vulnerability & Patch Management Oversee continuous vulnerability monitoring and posture management. Track patch and configuration compliance across infrastructure, middleware, applications, and containers. Provide risk assessments and compensating controls for deferred patches. 3. Security Monitoring & Audit Review and tune alerts, detections, and dashboards in SIEM and related tools. Ensure monitoring coverage for critical systems and high‑value assets. Support internal/external audits and evidence collection; close audit findings. 4. Compliance & Reporting Prepare and present security posture, metrics, and trend reports to management. Maintain risk registers and mitigation plans; ensure up‑to‑date security documentation. Communicate security assessments and findings effectively to varied stakeholders. 5. Access Control Governance Oversee and periodically review RBAC, MFA, Privileged Access Management (PAM), and joiner/mover/leaver processes. Ensure least privilege, SoD, and periodic access recertifications. 6. Security Operations Contribution Support incident response handling, log analysis, and activity reviews. Drive continuous improvement across identify → protect → detect → respond → recover functions. Required Qualifications & Experience Mandatory Singapore Citizen Degree in Computer Science / Cybersecurity / Information Security or equivalent 8–12 years of IT experience, including ≥5 years as a Security Lead or Security Architect Proven experience in Singapore Government IT projects and IM8/government security compliance Hands-on experience with: Kubernetes / Docker security API security Identity & Access Management (IAM) Security tools (SAST/DAST/SIEM) and CI/CD-integrated s…

What they're looking for

Microsoft OfficeMicrosoft ExcelRole ModellingResolving Customer Queries

About Helius Technologies Pte. Ltd.

Industry: Information & communications

Frequently asked questions

What does a IT Security Lead at Helius Technologies Pte. Ltd. do?

Job Requirements Role Overview The IT Security Lead will be responsible for end-to-end security governance, implementation, compliance, and operational security for mission-critical system operating in a secured environment. This role covers both: Day 1 Security (Build / Project Implementation) Day …

What skills does this IT Security Lead role need?

Key skills for this role include Microsoft Office, Microsoft Excel, Role Modelling, Resolving Customer Queries.

How much does a IT Security Lead at Helius Technologies Pte. Ltd. pay?

This role lists a salary of S$6,500 – S$7,600 per month.

Is this IT Security Lead role remote, hybrid, or on-site?

The listing is based in D01 Marina, Raffles Place, People's Park, Cecil. Check the posting for remote or hybrid options.

How do I apply for this IT Security Lead role?

You can apply directly on Helius Technologies Pte. Ltd.'s careers page. ApplyLah can tailor your résumé and cover letter to this exact role in seconds first.