InfoSec

Threat Modeler

Rate - $80-85/hr. on C2C Location - Remote

Responsibilities:

• Develop training material for how to engage the Threat Management service, make use of technologies, and interpret findings.

• Drive beneficial security change into the business through supporting Developers with creation of threat models for their applications and remediation of potential threats, balancing risk against business need.

• Support the Security Architecture team to develop and mature an Application Threat Modeling Program by defining processes, procedures, controls, KRI's/KPI's, etc., that identify threats early in the development process reducing risks prior to deployment.

• Work with the InfoSec functional teams in the development of the Information Security strategy and roadmap, including and with focus on Threat Modeling; liaison and consult with Enterprise Architecture, IT and the business for ongoing input and awareness

• Advise and Contribute to Strategy and Roadmaps

Qualifications:

• 5-7 years related experience in Cyber Security, Insider Threat, Intelligence Community, Federal Law Enforcement, or a related field

• Strong understanding of access controls and authentication mechanisms, PKI, and cryptography

• Demonstrated experience developing technical threat models

• Demonstrated experience performing security code reviews and explaining results to project teams

• Strong understanding of protocols, networking, firewalls, caching, VIPs, proxies, web applications, and database systems

• Experience with AWS

• Knowledge of several of the following programming languages; Java, C#, Python, C++, Node.JS, JavaScript

• Knowledge in one or several of the following Frontend frameworks; React, Angular, Ember, Vue

• Minimum of 2 years' experience working as an Information Security Threat Modeling subject matter expert at a senior level

• Minimum of 2 years' experience working as an Information Security Professional, preferably within the architecture or engineering disciplines

Desirable:

• Able to provide references to CVEs filled, Bug Bounty Username, or GitHub repositories

• One or more security-related certifications associated with AWS, GCP, or Azure

• CISSP (+ ISSAP), CCSP, CEH, OSCP, CSSLP

Keys to Success in this Role:

• Strong written and verbal communication skills

• Able to mentor and guide team members

• Self-starter, candidate must be able to anticipate tasks and take action

• Excellent presentation, program management and relationship management skills

Required Skills:

• Access Governance IAM
• Access Management IAM
• App security threat Assessment
• Application Security Testing
• Archer
• BCP-DR GRC
• BSM Architecture GRC
• Big Data Security Analytics
• Checkpoint_ESS
• Content Mgmt:Siteminder
• Curion IAM
• DLP Management
• Domain Architect GRC
• Endpoint Protection Service:IG
• Enterprise Single Signon IAM
• F5
• Firewall Management
• Forensic Analysis
• IAM Design and Architecture
• IAM Operation and Service Mgmt
• IDS/IPS Management
• Identity Management IAM
• Information Security GRC
• Infosec_IGRC:IT Governance GRC
• MS AD Federation IAM
• Managed Authentication Service
• Oracle Access Manager IAM
• Oracle Identity Manager IAM
• Platform Architect GRC
• Privileged Access Mgmt IAM
• Quest Password Manager IAM
• Sec Analytics and Intelligence
• Secure Data Migration
• Security Architect GRC
• Security Architect SME
• Security Operation Centre
• Security Ops Mgmt
• Security Product Manager SM
• Security design and Arch GRC
• Service Mgmt Architect GRC
• Solution Architect GRC
• Tech Audit and Assessment GRC
• Technical Project Mgmt IAM
• Tivoli Access Manager IAM
• Tivoli Identity Mgr IAM
• Web App Firewall Management
• Web Malware Protection
• Wireless Sec Assessment GRC