Lead Security Engineer

Who We Are

Open Government Products (OGP) operates like a startup within the government; We are a fast-paced, dynamic team of engineers, designers, and product managers dedicated to public good. We autonomously identify opportunities to solve public problems using tech, rapidly prototype, and launch solutions—from citizen apps to automating public agency operations. Embracing an open-sourced and flat hierarchy, we cut through bureaucracy to focus on real-world, user-centric innovations that drive change.

The Security Engineering Team

If you can hack and build, this is the job for you!

The security engineering team supports OGP’s mission by building, integrating, and maintaining solutions for cybersecurity problems. We develop guardrails and secure-by-default building blocks so that anyone can deliver secure products easily.

Strong software engineering skills are preferred. You're not just here to identify security problems but also build the solutions.

We use cloud services, open source software, and commodity hardware as much as possible. These often include, but are not limited to: Typescript, GitHub, AWS, Pulumi, DataDog, Okta, and Semgrep. Knowing what to build and what to reuse lets us avoid wasting time on solved problems and focus on delivering actual value.

Why This Role Matters

OGP builds some of Singapore’s most critical digital systems — from nationwide citizen-facing apps to internal government platforms. As our footprint grows, security is no longer just a function — it is an organisation-wide capability.

This role exists to:

• Resolve key-person risk in security engineering

• Provide clear technical leadership and direction to the security engineering team

• Build sustainable, scalable security systems that keep pace with OGP’s speed and autonomy

You will be the technical authority for security engineering at OGP, shaping how security is designed, embedded, and operated across the organisation.

About the Role

We are looking for a Lead Security Engineer to set technical direction for security engineering at OGP.

You will:

• Own the architecture and evolution of OGP’s security systems

• Identify systemic security risks and design solutions at an organisational level

• Build and mature incident response, monitoring, and detection capabilities

• Develop security testing processes and lead security consultations

• Train security engineers and developers in best practices

• Partner closely with engineering leadership to embed security into how OGP builds software and measures security outcomes

This is a hands-on technical leadership role, not a governance or advisory position.

What You Will Do

Technical Leadership & Strategy

• Set technical direction and standards for the security engineering team

• Identify key security problem spaces across the organisation and prioritise solutions

• Design organisation-wide or function-wide security systems to address root causes

Security Engineering & Systems Design

• Perform deep root cause analysis of recurring or systemic security issues

• Architect scalable, maintainable security solutions and evaluate trade-offs

• Integrate security platforms and tooling into day-to-day engineering workflows

Incident Response & Operations

• Build, maintain, and continuously improve OGP’s security incident response capability

• Design monitoring, alerting, and observability for security-relevant events

• Lead or support investigations into security incidents and near-misses

Training, Collaboration & Change Management

• Work closely with the Head of Engineering, Director, COO, and engineering teams

• Drive organisation-wide security improvements through influence and alignment

• Identify leverage points or training opportunities to effect meaningful, large-scale change

What We’re Looking For (Must-Haves)

Strong Technical Expertise

• Ability to perform root cause analysis of persistent security problems

• Experience designing and deploying organisation-scale security systems

• Ability to evaluate solutions objectively against alternatives

• Strong understanding of security platforms and their APIs

• Ability to integrate security tooling into engineering workflows

• Experience performing security code reviews and identifying vulnerabilities

• Familiarity with monitoring, observability, and detection engineering

Communication & Stakeholder Management

• Proven ability to drive large-scale change across engineering and the organisation

• Ability to influence senior stakeholders and align teams with different incentives

• Communicates complex security trade-offs clearly and pragmatically

Good to Have

Training & Enablement

• Experience conducting security training for engineers

• Ability to document runbooks, playbooks, and critical processes

People Leadership & Growth

• Experience mentoring or leading other engineers

• Ability to navigate interpersonal conflict constructively

• Experience or strong instincts in hiring and developing engineers

• Interest in growing into a Tech Lead Manager (TLM) or Engineering Manager role

Why Join OGP

Security with Real Impact

Your work protects systems used by millions and underpins national digital infrastructure.

High Trust, High Ownership

You will be trusted to set direction and make decisions that matter.

Engineering-Led Security

Security at OGP is built with engineers, not imposed on them.

Mission-Driven Work

We build for public good, not profit maximisation.

Projects OGP has worked on include:

ScamShield — iOS and Android mobile apps, enhanced in August 2024, help users check and report suspicious communications. The apps automatically filter known scams using an AI-powered machine learning classifier. An Admin Dashboard also allows police to verify reported scams.

ParkingSG — A mobile app alternative to parking coupons. It lets users pay, extend, and refund their parking sessions just using their phones.

RedeemSG — Helps the Singapore Government to create, send and track redemptions of digital vouchers easily.

COVID-19 Vaccination — A suite of systems built to enable Singapore's national vaccination campaign for COVID-19. This includes informational sites, appointment booking systems, and records management systems.

data.gov.sg — An open repository of all the Singapore Government's public data. It helps people understand the data using visualizations and articles, and provides real-time APIs for developers to use.

Isomer — Provides government agencies with an easy-to-deploy static website building and hosting service to create usable, secure and faster informational websites quickly.

FormSG — A form builder tool for agencies to self-service and create online forms that capture classified data, with the goal of replacing paper forms.

PaySG — Was developed to enable digital payments for government services, and was initially used for payments for COVID-19 swab tests and Stay-Home Notices for incoming travellers to Singapore.

An overview of other OGP products can be found on our website https://open.gov.sg

Apply Now

If you want to protect the technology that millions rely on, and shape the future of technology in Singapore, we'd love to meet you.