Senior Engineer/Engineer (Operations and Implementation Support – Info Air Traffic Management)

[What the role is]

[What the role is]

Cybersecurity is a critical pillar of CAAS’ work, and to ensure that the Singapore air hub remains safe and secure for air travel, every mission-critical system that supports air hub operations must be well-protected and resilient against rapidly evolving, and increasingly complex, cybersecurity threats.

CAAS is looking for a strong and dynamic esteemed engineer candidate who will join the Operations and Implementation Support (OIS) Section, under the Cybersecurity and Data Governance (CDG) Division and be attached to the Air Navigation Services Support Systems (ANSSS) Branch under Aeronautical Telecommunications and Engineering (ATE) Division to plan, design, integrate, enhance and innovate the next generation informational Air Navigation Services (ANS) Systems. Together, you will develop and review the overall cybersecurity architecture for existing and future CAAS’ Air Navigation Services (ANS) System which includes mission-critical Communications, Navigation Aid, Surveillance and Air Traffic Management (CNS/ATM) systems.

[What you will be working on]

Candidate will review systems infrastructure, design and architecture to ensure cybersecurity factors are considered and in compliance within existing government IM8 requirements. In addition, candidate will support the implementation of cyber and data security measures, and incident response and management for these systems. These systems are software intensive, complex and requires high availability. Depending on the phase of the systems lifecycle, candidate will be assigned to specify the technical requirements of the systems, evaluate on the proposed solutions, work on relevant approvals, execute the implementation of enhancement or technical refresh as well as maintenance of the systems.

Responsibilities

Key responsibilities include:

• Manage ANS projects/ systems including cyber-security implementations, as well as the design and engineering information security (e.g. authentication, perimeter security, security compliance tools), technology systems (software & hardware), and security policies / procedures.
• Implement solutions to enhance cyber-security posture (e.g. cyber defenses, mitigation measures) to meet CAAS’, national, international standards and requirements.
• Work closely with multiple stakeholders both internal and external (including other government agencies, system suppliers, maintenance operators, operation users, IT consultants/auditors etc) which include coordinate, liaise, support and conduct meetings to facilitate and validate the implementation in accordance with national and international cybersecurity standards and requirements.
• Coordinate, liaise, support and conduct internal as well as external audit needs/issues including technical discussions and internal audits (e.g. scanning exercises, penetration tests).
• Formulate process and procedures relating to cyber security through continuous engagement with the various stakeholders including the regulator, industry players and relevant agencies.
• Keep abreast of the latest industry cybersecurity practices and technologies as well as emerging threats and vulnerabilities, then recommend appropriate controls for implementation to improve the ANS systems security posture.
• Conduct investigations into security breaches to determine the cause of the incidents and work closely with multiple stakeholders both internal and external to resolve the incidents, participate in post-incident reporting and study/implement the proposed enhancement to the systems and infrastructure to close the security gaps.
• Manage relevant security documentation and updating of the ANS Group's overall security programme, including planning, coordinating and conducting relevant training for security and assurance matters to raise and maintain high cyber security awareness in the ANS Group.
• Coordinate internal and external audit needs/issues and participate in technical discussions and internal audit (e.g. scanning exercises, penetration tests).

[What we are looking for]

Requirements
• Trained in Cybersecurity, Information Security, Information Technology, Computer Science, Engineering (Computing/ Electrical/ Electronics/ Telecommunication) or equivalent
• Professional certification such as Certified Information Security Auditors (CISA) and/or Certified Information Systems Security Professional (CISSP) would be advantageous.
• An active professional certification in Cybersecurity or Information Security from ISACA, (ISC)2 or equivalent will be an advantage
• At least 3-5 years of relevant experience in system project implementation and cybersecurity compliance and/or cybersecurity work experiences in ICT infrastructure or network implementation
• Possess good experience in managing cybersecurity projects, preferably having gone through at least one project implementation life cycle
• Strong domain knowledge of information security governance and risk management, controls, vulnerability assessment/penetration testing, compliance, business continuity, investigations, system architecture and design, legal, and industry IT and cyber security best-practices.
• Able to show understanding of the relationship between cybersecurity and the broader business goals and objectives
• Self-motivated and independent, a good team player with well-rounded skillset, and can-do attitude
• Curious and passionate about cybersecurity with a hacker mindset
• Excellent verbal, written communication and interpersonal skills
• Strong analytical, presentation and negotiation skill

If you share our passion to make a difference in the aviation cybersecurity landscape, apply now.

Note: Your appointment designation will commensurate with your relevant work experience. Successful candidates will be offered a 3-year contract in the first instance and may be considered for placement on a permanent tenure or subsequent contract renewal.

[What you will be working on]

[What we are looking for]