Threat Modelling Engineer - GCP

Publicis Sapient is a digital transformation partner helping established organisations get to their future, digitally-enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting, and customer experience with agile engineering and problem-solving creativity. United by our core values and our purpose of helping people thrive in the brave pursuit of next, our 20,000+ people in 53 offices around the world combine experience across technology, data sciences, consulting, and customer obsession to accelerate our clients’ businesses through designing the products and services their customers truly value.

As a Senior Engineer - Threat Modelling, you will be part of a cross-functional team delivering digital business transformation solutions to our clients. This role focuses on Security Architecture and Threat Modelling, including governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers. Collaboration with Engineering, Information Security, Program Management, and Development teams is essential. You will conduct technical architecture reviews to identify security opportunities, threats, and mitigation strategies.

• Conduct threat modeling exercises using established methodologies.
• Identify potential threats and specify mitigation controls.
• Manage the lifecycle of threats and controls, ensuring updates.
• Deliver threat models within deadlines.
• Provide feedback to improve threat modeling processes.
• Present findings to leadership and stakeholders.

Your Skills & ExperienceWe seek candidates with experience in:

• Proficiency in GCP (essential)
• Security architecture principles, frameworks, and best practices
• Threat modeling methodologies like MITRE ATT&CK, STRIDE, PASTA
• Cybersecurity experience of 5+ years
• Security practices including authentication, authorization, logging, encryption, infrastructure security, network segmentation
• Knowledge of cloud security frameworks
• Rest API knowledge
• Scripting and Infrastructure as Code (Terraform, CloudFormation)
• Experience with Jira or similar ticketing systems
• Technical architecture review skills
• Vulnerability identification (CWE, OWASP)
• Operating systems and hardening techniques
• Development concepts like CICD, Pipelines, SDLC
• Penetration testing knowledge (useful)
• Familiarity with Cloud Development Kit (CDK), GitOps
• Experience in DevOps/agile environments
• Docker, Kubernetes, serverless, Helm
• Platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, Databricks
• Analytical skills, attention to detail
• Research using vendor documentation
• Documentation skills
• Adversary mindset
• Continuous learning
• Problem-solving skills
• Communication and collaboration skills
• Relationship building across teams

Set Yourself Apart With

• Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
• GCP certifications: Professional Cloud Architect, Professional Cloud Security Engineer
• Knowledge of standards like ISO, NIST, CSA
• Experience in regulated environments
• Experience with Azure security design
• Development experience in Python, Node
• Desire to learn and contribute

Our hybrid work policy requires employees to be in-office or at client sites at least 3 days/week (4 days for VP+). We trust employees to manage their commute to meet these expectations. We are committed to diversity and equal opportunity employment. We support inclusivity for individuals with disabilities and provide adjustments during recruitment. For adjustments, contact hiringuk@publicissapient.com. Learn more at Diversity & Inclusion.