Sr. Threat Modeling Analyst to lead the identification of Cyber security risks and ensure suffi[...]

Sr. Threat Modeling Analyst to lead the identification of Cyber security risks and ensure sufficient controls are in place to mitigate these risks for our banking client

Hybrid work arrangement, with 2 days per week in the office.

The Work:

The Senior Threat Modeling Analyst will work closely with the technology teams and line of business teams to develop secure technology solution designs. The Senior Threat Modeling Analyst will lead the identification of Cyber security risks to the bank’s technologies and ensure sufficient controls are in place to mitigate these risks which could otherwise result in Cyber Security attacks, while enabling the business to grow the bank and serve our customers efficiently and securely.

Must haves:

1. At least 5+ years of information security performing IT security risk assessments and developing risk mitigation recommendations.
2. Experience performing Threat modeling and threat modeling analysis (i.e. attack trees, sequence flow diagrams, Data Flow Diagrams etc.).
3. Experience in supporting application security programs working with Application Security frameworks is required e.g. OWASP.
4. MS Azure Experience and deep understanding of hybrid cloud technologies is required.

Nice to haves:

1. Understanding of CI/CD pipeline and approaches to automate security testing is an asset.
2. Understanding of API security is an asset.
3. Having coding experience is an asset.
4. The following certifications are preferred: CCSP, SABSA, CCSK, CISM, CISSP, or CRISC.
5. Understanding and experience with TOGAF, OWASP, SAMM, MITRE ATT&CK, BSIMM, NIST, ISO 27K series is an asset.
6. Experience working in a banking or financial services environment is an asset.

Job Description:

1. Perform the threat modeling for applications still in design phase.
2. Provide security advisory services to technology and business teams.
3. Perform security assessments for technical solution designs.
4. Identify threat scenarios and evaluate risk rating based on a thorough review of the solution design by working closely with SMEs.
5. Track and remediate design flaws identified by the Threat Model process.
6. Ensure onboarding of appropriate security services by the project; e.g. Automated security scanning, MFA, SIEM onboarding etc.
7. Manage design security flaws tracking and escalate outstanding risks as required.
8. Manage security risks for assigned portfolio to ensure that action/mitigation plans are defined and actioned in-time.
9. Support Threat modeling and solution design security process improvements.