Threat Modelling Engineer - GCP

Company description

Publicis Sapient is a digital transformation partner helping established organisations get to their future, digitally-enabled state, both in the way they work and the way they serve their customers. We help unlock value through a start-up mindset and modern methods, fusing strategy, consulting and customer experience with agile engineering and problem-solving creativity. United by our core values and our purpose of helping people thrive in the brave pursuit of next, our 20,000+ people in 53 offices around the world combine experience across technology, data sciences, consulting and customer obsession to accelerate our clients' businesses through designing the products and services their customers truly value.

Overview

As a Senior Engineer - Threat Modelling you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients. This position entails an individual contributor role focused on Security Architecture and Threat Modelling, encompassing governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers. Collaboration and partnership with Engineering, Information Security, Program Management, and Development teams are essential. The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies.

Your Impact

1. Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.
2. Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.
3. Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.
4. Deliver comprehensive threat models and related tasks within specified timeframes.
5. Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.
6. Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.

Qualifications

Your Skills & Experience We are seeking an individual with experience in a range of technologies and processes including:

1. Proficiency in GCP - essential
2. Strong knowledge of security architecture principles, frameworks, and best practices
3. Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.
4. Overall experience in Cybersecurity: 5+ years
5. Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation
6. Knowledge of cloud security frameworks
7. Knowledge of Rest API
8. Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)
9. Familiarity with Jira or other ticketing systems - essential
10. Technical architecture design and review skills - essential
11. Ability to identify vulnerabilities using CWE or OWASP
12. Knowledge of operating systems and their hardening techniques
13. Understanding of development concepts such as CICD, Pipelines, and SDLC
14. Penetration testing knowledge is also super useful
15. Familiarity with Cloud Development Kit (CDK) and GitOps
16. Experience operating in a DevOps/agile team environment
17. Understanding of docker, Kubernetes, serverless architecture, and Helm
18. Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks
19. Strong analytical skills, diligence, and attention to detail
20. Willingness to conduct research using vendor documentation
21. Capability to create and maintain high-quality documentation
22. Possession of an adversary mindset
23. Continuous learning attitude towards new technologies and methodologies
24. Strong problem-solving skills
25. Excellent communication and collaboration abilities
26. Ability to build and nurture relationships across cross-functional teams

Set Yourself Apart With

1. Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
2. Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.
3. Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
4. Experience working in regulated environments
5. Exposure to agile development, DevOps, SecOps and scrum teams
6. Hands-on experience with cloud security designs on Azure
7. Development experience (Python, Node)
8. Strong desire to learn and contribute solutions and ideas to broader team