Cybersecurity Consultant

Company:

Sopra Steria is a listed European tech leader specializes in Consulting, Digital Service, and Software. We have 60,000 employees worldwide located in different regions (Europe, North America and Asia), whereby Singapore is the HQ for APAC. EvaGroup Asia Pacific is part of Sopra Steria I2S APAC, in charge of Infrastructure, Cloud and Cybersecurity services.

Description:

For this project, we are forming a team of 6 (including 1 team lead) to assist in a huge upcoming government project to perform the following scope of works:

(i) Security Risk Assessment

(ii) Security Policies, Standards, Guidelines, And Procedures Review

(iii) Security Design

(iv) Application Security

(v) Vulnerability assessment and

(vi) System Security Acceptance Testing

The selected candidate will be working collaboratively within the team to fulfil the project requirements. As such, there is no expectation for one individual to possess all skill sets in the 6 domains.

Responsibilities:

• Support the execution of security risk assessments across various environments including on-premise, cloud, DevOps, IoT, and third-party systems
• Assist in performing vulnerability assessments, analyzing findings, and documenting remediation recommendations
• Contribute to the review of security policies, standards, and procedures, ensuring alignment with industry and regulatory requirements
• Participate in application security activities such as secure code reviews, threat modelling, and CI/CD pipeline assessments
• Support cloud security assessments, including configuration reviews, access controls, and data protection practices across public and hybrid cloud platforms
• Assist in System Security Acceptance Testing (SSAT) by executing test scenarios, analyzing results, and documenting security gaps
• Document security findings, assist in preparing risk reports, and help maintain the security risk register
• Collaborate with other team members to support the delivery of cybersecurity assessments, design reviews, and compliance activities
• Perform all tasks and duties as assigned to support the completion of project, including any ad-hoc activities necessary to fulfill the client’s scope of work

Requirements:

• Bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field preferred.
• Relevant certifications such as CISSP, CISM, CISA, or equivalent.
• At least 3-5 of experience in cybersecurity consulting, with a focus on areas in Risk assessment, Application Security and Cloud Security.
• Hands-on experience working in cloud security environments (e.g., AWS, Azure, GCP), including identifying and mitigating security risks in cloud-based architectures.
• Strong knowledge and practical experience in conducting risk assessments and threat modelling using methodologies such as STRIDE and PASTA.
• Familiar with regulatory frameworks and standards, including NIST, and ISO 27001, etc.
• Excellent project management skills with the ability to manage multiple engagements simultaneously.
• Strong analytical and problem-solving skills, with the ability to think strategically and act tactically
• Exceptional communication skills, both written and verbal, with the ability to convey complex technical concepts to non-technical stakeholders.
• Proven ability to build and maintain client relationships, demonstrating a commitment to delivering exceptional client service.