Description
You will own the threat modeling and risk assessment lifecycle for systems, applications, and network architectures. You identify, analyze, and mitigate security threats while integrating secure practices into the software development lifecycle.
Responsibilities
- Develop and maintain detailed threat models using structured methodologies like STRIDE, DREAD, or PASTA.
- Conduct risk assessments to evaluate the likelihood and impact of identified threats and attack vectors.
- Recommend and implement risk mitigation strategies and security controls in collaboration with development and operations teams.
- Perform security assessments, including vulnerability assessments and penetration testing, to identify system weaknesses.
- Document threat models, risk assessments, and security recommendations in detailed reports for stakeholders.
Required Skills
- 5+ years of experience in security threat modeling and risk assessment.
- Proficiency with Microsoft Threat Modeling Tool, ThreatModeler, or OWASP Threat Dragon.
- Deep understanding of threat modeling methodologies such as STRIDE, DREAD, and PASTA.
- In-depth knowledge of OWASP Top Ten, CVEs, and common attack vectors.
- Experience applying secure software development practices and principles.
- Ability to perform vulnerability assessments and penetration testing.
- Strong communication skills to provide training and guidance on security best practices.
Preferred Skills
- CISSP, CEH, or specific threat modeling certifications.