Threat Modeling Engineer- GCP (Hybrid, NYC/Dallas)
$140,000 - $185,000/Yr
Sapient Razorfish - New York, NY
posted 12 days ago
Full-time - Senior
New York, NY
10,001+ employees
About the position
The Senior Engineer - Threat Modeling role focuses on Security Architecture and Threat Modeling within a cross-functional team dedicated to delivering digital business transformation solutions. The position involves conducting security reviews for public cloud services, managing the lifecycle of identified threats, and collaborating with various teams to enhance security measures and processes.
Responsibilities
- Conduct thorough threat modeling exercises utilizing established methodologies and frameworks.
- Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.
- Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.
- Deliver comprehensive threat models and related tasks within specified timeframes.
- Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.
- Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.
Requirements
- 8+ years of experience in a range of technologies and processes including proficiency in GCP.
- Strong knowledge of security architecture principles, frameworks, and best practices.
- Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA.
- 5+ years of overall experience in Cybersecurity.
- Knowledge of security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation.
- Knowledge of cloud security frameworks and Rest API.
- Familiarity with Jira or other ticketing systems.
- Technical architecture design and review skills.
- Ability to identify vulnerabilities using CWE or OWASP.
- Knowledge of operating systems and their hardening techniques.
- Understanding of development concepts such as CICD, Pipelines, and SDLC.
- Penetration testing knowledge is also super useful.
- Familiarity with Cloud Development Kit (CDK) and GitOps.
- Experience operating in a DevOps/agile team environment.
- Understanding of docker, Kubernetes, serverless architecture, and Helm.
- Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks.
- Strong analytical skills, diligence, and attention to detail.
- Willingness to conduct research using vendor documentation.
- Capability to create and maintain high-quality documentation.
- Possession of an adversary mindset.
- Continuous learning attitude towards new technologies and methodologies.
- Strong problem-solving skills.
- Excellent communication and collaboration abilities.
Nice-to-haves
- Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL.
- Relevant GCP certifications: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.
- Strong knowledge of industry standards related to Cloud and Application security management including ISO, NIST, and Cloud Security Alliance (CSA).
- Experience working in regulated environments.
- Exposure to agile development, DevOps, SecOps and scrum teams.
- Hands-on experience with cloud security designs on Azure.
- Development experience (python, Node).
- Strong desire to learn and contribute solutions and ideas to the broader team.
Benefits
- Flexible vacation policy; time is not limited, allocated, or accrued.
- 16 paid holidays throughout the year.
- Generous parental leave and new parent transition program.
- Tuition reimbursement.
- Corporate gift matching program.
