Sr. Threat Modeling Engineer

• Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.
• Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.
• Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.
• Deliver comprehensive threat models and related tasks within specified timeframes.
• Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.
• Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.

Qualifications

We are seeking an ideal candidate with 8 years of experience in a range of technologies and processes including:

• Proficiency in GCP - essential
• Strong knowledge of security architecture principles, frameworks, and best practices
• Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.
• Overall experience in Cybersecurity: 5 years
• Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation
• Knowledge of Rest API
• Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)
• Familiarity with Jira or other ticketing systems – essential
• Technical architecture design and review skills – essential
• Ability to identify vulnerabilities using CWE or OWASP
• Knowledge of operating systems and their hardening techniques
• Understanding of development concepts such as CICD, Pipelines, and SDLC
• Penetration testing knowledge is also super useful
• Familiarity with Cloud Development Kit (CDK) and GitOps
• Experience operating in a DevOps/agile team environment
• Understanding of docker, Kubernetes, serverless architecture, and Helm
• Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks
• Strong analytical skills, diligence, and attention to detail
• Willingness to conduct research using vendor documentation
• Capability to create and maintain high-quality documentation
• Possession of an adversary mindset
• Continuous learning attitude towards new technologies and methodologies
• Strong problem-solving skills
• Excellent communication and collaboration abilities
• Ability to build and nurture relationships across cross-functional teams

Nice to have

• Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
• Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.
• Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
• Hands-on-experience with cloud security designs on GCP
• Experience working in regulated environments
• Exposure to agile development, DevOps, SecOps and scrum teams
• Experience with another CSP provider: AWS, Azure
• Development experience (python, Node)

Strong desire to learn and contribute solutions and ideas to broader team