WHO WE ARE:

As Singapore’s longest established bank, we have been dedicated to enabling individuals and businesses to achieve their aspirations since 1932. How? By taking the time to truly understand people. From there, we provide support, services, solutions, and career paths that meet their individual needs and desires.

 Today, we’re on a journey of transformation. Leveraging technology and creativity to become a future-ready learning organisation. But for all that change, our strategic ambition is consistently clear and bold, which is to be Asia’s leading financial services partner for a sustainable future.

 We invite you to build the bank of the future. Innovate the way we deliver financial services. Work in friendly, supportive teams. Build lasting value in your community. Help people grow their assets, business, and investments. Take your learning as far as you can. Or simply enjoy a vibrant, future-ready career.

Your Opportunity Starts Here.

Job Summary

We are looking for several Privileged Access Management (PAM) engineers. You will be responsible for the secure, resilient, and optimised operation of PAM platforms across production and non-production environments. Your scope includes platform stability, 24×7 operational support, patching, vulnerability remediation, automation, integrations, HA/DR, and providing incident-response support. You will work closely with Engineering, PID Admin, Infrastructure, Cloud, DevOps, and Cybersecurity teams to ensure strong PAM operational excellence across the Group.

Key Responsibilities

1. Platform Operations & 24/7 Reliability

• Support and maintain PAM platforms (CyberArk EPV and Conjur).

• Provide 24×7 operational support through on-call rotation, adhering to SLAs/SLOs for uptime, response, and recovery.

• Perform daily platform health checks, telemetry monitoring, and troubleshoot issues across PAM platforms.

2. Change, Patch & Vulnerability Management

• Execute patching, upgrades, and hotfix deployments with full change lifecycle management including CAB approval, testing, and rollback validation.

• Perform vulnerability remediation (scan, prioritise, fix, validate) for PAM platforms.

• Implement secure configuration baselines and hardening standards across PAM platforms.

• Identify and support platform modernization and reduction of technical debt.

3. High Availability, Resilience & Disaster Recovery

• Manage HA/DR architecture, replication monitoring, failover mechanisms, and backup/restore processes.

• Conduct DR drills, failover testing, and ensure platform readiness for disaster scenarios.

4. Integration & Platform Ecosystem Engineering

• Integrate PAM tools with enterprise systems including OS, databases, middleware, SIEM, IAM, and cloud services.

• Deploy and maintain CPM/PSM connectors, plug-ins, and platform definitions.

• Collaborate with PID Admin for lifecycle onboarding/off-boarding and privilege-related incidents.

5. Secrets Management & DevOps Integration

• Manage Conjur clusters, authentication methods, policy structures, and secrets hierarchy.

• Enable secure machine credential ingestion and application secrets management across pipelines.

6. Incident Response Support, Compliance Evidence & Documentation

• Provide platform logs, evidence, and analysis during PAM-related incidents and investigations.

• Execute PAM incident-response playbooks and support cybersecurity teams during threat events.

• Maintain comprehensive operational documentation including procedures, runbooks, architecture diagrams, DR plans, and post-incident reports.

Requirements

Qualifications

• Diploma or Degree in IT, Cybersecurity, Computer Science, or related fields.

Experience

• Minimum 5 years’ experience in PAM technical support, cybersecurity or platform support.

Technical Knowledge

• 3+ years hands‑on with CyberArk EPV and/or Conjur secrets manager

• Deep knowledge of Windows Server, IIS, Linux, networking, and cloud platforms.

• Strong scripting capability in PowerShell and Python; familiarity with CI/CD pipelines.

• Experience with monitoring/observability, SIEM integration, and performance tuning.

Skills

• Multi‑tasking and prioritisation across operational demands

• Independent, resourceful, and able to operate in a regulated environment.

• Strong stakeholder management and collaboration

Certifications (Preferred)

• CyberArk Sentry, Guardian

• CISSP/CCSP or equivalent.

What we offer:

Competitive base salary. A suite of holistic, flexible benefits to suit every lifestyle. Community initiatives. Industry-leading learning and professional development opportunities. Your wellbeing, growth and aspirations are every bit as cared for as the needs of our customers.