Senior Threat Modeller (Global Security)

Design and implement low-friction, high-value, and scalable threat modelling practices across the organization.,Define and analyze potential threat scenarios to identify security gaps and assess associated risks.,Develop and provide recommendations on threat mitigation or remediation.,Deliver threat models for applications, systems, and architecture patterns.,Perform code and architectural design reviews for internal and external software products.,Conduct and facilitate threat modelling workshops with technical and business stakeholders.,Design, develop, and implement tooling and processes to support threat modeling activities.,Design, develop, and deliver security training and education programs.,Prioritize and track application security issues across the organization.,Lead implementation efforts for security initiatives and resolutions.,Ensure identified issues are appropriately prioritized and addressed in future product releases.,Work with development teams to guarantee timely resolution of issues.,Identify and provide application security recommendations during requirement and design reviews.,Track open issues and follow up with different teams.,Communicate technical information to non-technical audiences and vice-versa in cross-site and cross-functional settings.,Enable application owners and developers to understand threats and appropriately prioritize security issues and mitigations.

Minimum of a B.S. in Computer Science, MIS or related degree.,Expertise in threat modelling methodologies (e.g., STRIDE, DREAD, PASTA, etc.) and modern threat modelling tooling.,Ability to analyze, decompose, and analyze complex application architectures.,Strong understanding of networking and operating systems (Windows, MacOS, Linux, Unix).,Experience working with waterfall, agile, agile variants, and hybrid methodologies of software development.,Understanding of modern, cloud-centric architectures and DevOps principles.,A strong understanding of offensive security tactics, techniques, and procedures.,Certifications in the Cyber Security domain (Nice-to-Have).,Experience with designing and delivering training programs for a technical audience (Nice-to-Have).,Previous Big 4 consulting experience (Nice-to-Have).,Prior experience in banking/financial services industry (Nice-to-Have).,Computer Information Systems Security Professional (CISSP) certification or the ability to obtain within six (6) months (Nice-to-Have).

Bachelor's Degree