InfoSec

Role :: Threat Modeler

Rate - $80-85/hr. on C2C
Location :: Remote
 

Responsibilities:

·         Develop training material for how to engage the Threat Management service, make use of technologies, and interpret findings.

·         Drive beneficial security change into the business through supporting Developers with creation of threat models for their applications and remediation of potential threats, balancing risk against business need.

·         Support the Security Architecture team to develop and mature an Application Threat Modeling Program by defining processes, procedures, controls, KRI’s/KPI’s, etc., that identify threats early in the development process reducing risks prior to deployment.

·         Work with the InfoSec functional teams in the development of the Information Security strategy and roadmap, including and with focus on Threat Modeling; liaison and consult with Enterprise Architecture, IT and the business for ongoing input and awareness

·         Advise and Contribute to Strategy and Roadmaps

Qualifications:

·         5-7 years related experience in Cyber Security, Insider Threat, Intelligence Community, Federal Law Enforcement, or a related field

·         Strong understanding of access controls and authentication mechanisms, PKI, and cryptography

·         Demonstrated experience developing technical threat models

·         Demonstrated experience performing security code reviews and explaining results to project teams

·         Strong understanding of protocols, networking, firewalls, caching, VIPs, proxies, web applications, and database systems

·         Experience with AWS

·         Knowledge of several of the following programming languages; Java, C#, Python, C++, Node.JS, JavaScript

·         Knowledge in one or several of the following Frontend frameworks; React, Angular, Ember, Vue

·         Minimum of 2 years’ experience working as an Information Security Threat Modeling subject matter expert at a senior level

·         Minimum of 2 years’ experience working as an Information Security Professional, preferably within the architecture or engineering disciplines

Desirable:

·         Able to provide references to CVEs filled, Bug Bounty Username, or GitHub repositories

·         One or more security-related certifications associated with AWS, GCP, or Azure

·         CISSP (+ ISSAP), CCSP, CEH, OSCP, CSSLP

Keys to Success in this Role:

·         Strong written and verbal communication skills

·         Able to mentor and guide team members

·         Self-starter, candidate must be able to anticipate tasks and take action

·         Excellent presentation, program management and relationship management skills