Senior Threat Modeler
Posted 2 days ago by Deloitte
Negotiable
Inside
Undetermined
London Area, United Kingdom
Summary: The Senior Threat Modeler role involves developing and maintaining threat models, automating tools, and supervising team members while ensuring high standards in identifying and mitigating threats. The position requires collaboration with technical teams and the delivery of threat models within established timelines. Candidates must possess extensive experience in cyber-security and threat modeling methodologies, along with relevant cloud and cyber-security certifications. The role is based in London and is classified as inside IR35.
Key Responsibilities:
- Threat Modeling using a documented process.
- Development of automation tools as required.
- Maintain a high standard of work in identifying threats and specifying mitigating controls.
- Attending to the lifecycle of identified threats and controls.
- Delivery of threat models and supporting tasks within existing timeframes.
- Provide feedback, support, and improvements to the existing threat modeling process.
- Present work to seniors, the team, and other technical teams.
- Train newer members of the team.
- Supervise junior members of the team.
- Run parts of the threat model service.
- Work with little supervision to complete work.
- Develop, test, and deploy secure and efficient Python-based applications, adhering to established SDLC processes and quality standards.
Key Skills:
- Professional level cloud certification from AWS, GCP, or Azure.
- Vendor's cloud security certification from AWS, GCP, or Azure.
- Professional cyber-security certification.
- Five or more years of experience in IT, with a minimum of 10 years overall experience and at least 4 years in Cyber-Security/Information Security.
- Experience in Threat Modeling (STRIDE, PASTA, Attack trees, tooling, Att&ck).
- Identifying vulnerabilities using CWE or OWASP.
- Experience working in a cyber-security role.
- Security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security, network/segmentation.
- Operating systems and their hardening.
- Development concepts (CICD, Pipelines, SDLC).
- Scripting languages, Infrastructure as Code (Terraform, CloudFormation).
- Cloud Development Kit (CDK), GitOps.
- Operating in a DevOps/agile team structure.
- Understanding of docker/K8S/serverless/helm.
- Support or perform penetration testing.
- Strong proficiency in Programming Languages, preferably Python (asynchronous programming) and FastAPI.
- Unit Testing: Developing and executing unit tests using frameworks like Pytest.
- Analytical, diligence, and attention to detail.
- Experience in regulated environments.
- Communication and collaboration skills.
- Bachelor's degree in a computer-related field or equivalent work experience.
Salary (Rate): undetermined
City: London
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
Role: Senior Threat Modeler
Location: London / Belfast
Start Date: ASAP
End Date: 6 Months
Daily Rate: Competitive Day Rate, Inside IR35
Payroll provider – Rockford
Payroll Info for Contingent Workers – Rockford
Responsibilities
- Threat Modeling using a documented process.
- Development of automation tools as required.
- Maintain a high standard of work in identifying threats and specifying mitigating controls.
- Attending to the lifecycle of identified threats and controls.
- Delivery of threat models and supporting tasks within existing timeframes.
- Provide feedback, support, and improvements to the existing threat modeling process.
- Present work to seniors, the team, and other technical teams.
- Train newer members of the team
- Supervise junior members of the team
- Run parts of our threat model service
- Work with little supervision to complete work
- Develop, test, and deploy secure and efficient Python-based applications, adhering to established SDLC processes and quality standards.
Certification Requirements
You’re expected to have a professional level cloud certification (defined further below) from either AWS, GCP or Azure.
You’re expected to have a vendor's cloud security certification (defined further below) from either AWS, GCP or Azure.
You’re expected to have a professional cyber-security certification (defined further below).
Technical skills
You’re expected to have five or more years of experience in several of the following:
- IT experience minimum of 10 years with minimum of 4 years Cyber-Security/Information Security – must
- Threat Modeling (STRIDE, PASTA, Attack trees, tooling, Att&ck) – must.
- Identifying vulnerabilities using CWE or OWASP.
- Experience working in a cyber-security role - must.
- Security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security, network/segmentation – must.
- Operating systems and their hardening.
- Development concepts (such as: CICD, Pipelines, SDLC) – must.
- Scripting languages, Infrastructure as Code (Terraform, CloudFormation) – must.
- Cloud Development Kit (CDK), GitOps.
- Operating in a DevOps / agile team structure.
- Jira or other ticketing systems.
- Understanding of docker/K8S/serverless/helm – must.
- Support or perform pen testing.
- Snowflake/MongoDB/Terraform Cloud/GitHub/Databricks.
- Design and review technical architectures.
- Strong proficiency in Programming Languages, with a preference for Python (asynchronous programming), and FastAPI (must).
- Unit Testing: Developing and executing unit tests using frameworks like Pytest to ensure code quality (must).
- Ensure all software platforms adhere to the client’s security standards and Software Development Life Cycle (SDLC) processes (must).
Essential skills
- Analytical, diligence and attention to detail.
- Eagerness to research using vendor documentation.
- Create and maintain quality documentation.
- Experience of regulated environment.
- Adversary mindset.
- Work with diverse set of people and teams.
- Constant learner of new technologies and methodologies.
- Problem solver.
- Communication and collaboration skills.
- Builder of relationships across cross-functional teams.
Education
Bachelor's degree in computer related field or equivalent work experience.
Professional level cloud certification
- AWS Certified Solutions Architect, AWS Certified DevOps Engineer
- Google Cloud Architect, Cloud Developer, Data Engineer, Network Engineer, and more
- Oracle Cloud Infrastructure Certified Architect Professional, Oracle Cloud Infrastructure HPC and Big Data Solutions Associate
- Microsoft Certified: Azure Solutions Architect Expert
Cloud security certification
- Google Professional Cloud Security Engineer
- Microsoft Certified Azure Security Engineer Associate
- AWS Certified Security - Specialty
Professional cyber-security certification
- ISACA Certified Information Security Manager (CISM)
- GIAC Certified Enterprise Defender (GCED), GIAC Certified Intrusion Analyst (GCIA), GIAC Open Source Intelligence (GOSI)
- ISC2 Certified Information Systems Security Professional (CISSP)
- CompTIA CASP+, CompTIA PenTest+
- Microsoft Certified: Identity and Access Administrator Associate