DescriptionThreat Modeler
Responsibilities:
·Develop training material for how to engage the Threat Management service, make use of technologies, and interpret findings.
·Drive beneficial security change into the business through supporting Developers with creation of threat models for their applications and remediation of potential threats, balancing risk against business need.
·Support the Security Architecture team to develop and mature an Application Threat Modeling Program by defining processes, procedures, controls, KRI’s/KPI’s, etc., that identify threats early in the development process reducing risks prior to deployment.
·Work with the InfoSec functional teams in the development of the Information Security strategy and roadmap, including and with focus on Threat Modeling; liaison and consult with Enterprise Architecture, IT and the business for ongoing input and awareness
·Advise and Contribute to Strategy and Roadmaps
Qualifications:
·5-7 years related experience in Cyber Security, Insider Threat, Intelligence Community, Federal Law Enforcement, or a related field
·Strong understanding of access controls and authentication mechanisms, PKI, and cryptography
·Demonstrated experience developing technical threat models
·Demonstrated experience performing security code reviews and explaining results to project teams
·Strong understanding of protocols, networking, firewalls, caching, VIPs, proxies, web applications, and database systems
·Experience with AWS
·Knowledge of several of the following programming languages; Java, C#, Python, C++, Node.JS, JavaScript
·Knowledge in one or several of the following Frontend frameworks; React, Angular, Ember, Vue
·Minimum of 2 years’ experience working as an Information Security Threat Modeling subject matter expert at a senior level
·Minimum of 2 years’ experience working as an Information Security Professional, preferably within the architecture or engineering disciplines
Desirable:
·Able to provide references to CVEs filled, Bug Bounty Username, or GitHub repositories
·One or more security-related certifications associated with AWS, GCP, or Azure
·CISSP (+ ISSAP), CCSP, CEH, OSCP, CSSLP
Keys to Success in this Role:
·Strong written and verbal communication skills
·Able to mentor and guide team members
·Self-starter, candidate must be able to anticipate tasks and take action
·Excellent presentation, program management and relationship management skills