Threat Modeler

Role: Threat Modeler

Location: London / Belfast

Start Date: ASAP

End Date: 6 Months

Daily Rate: Competitive Day Rate, Inside IR35

Payroll provider – Rockford

Payroll Info for Contingent Workers – Rockford Pay

Responsibilities

• Threat Modeling using a documented process.
• Development of automation tools as required.
• Maintain a high standard of work in identifying threats and specifying mitigating controls.
• Attending to the lifecycle of identified threats and controls.
• Delivery of threat models and supporting tasks within existing timeframes.
• Provide feedback, support, and improvements to the existing threat modeling process.
• Present work to seniors, the team, and other technical teams.
• Work with little supervision to complete work
• Develop, test, and deploy secure and efficient Python-based applications, adhering to established SDLC processes and quality standards.

Certification Requirements

You’re expected to have an associate level cloud certification (defined further below) from either AWS, GCP or Azure.

You’re expected to have an associate or professional cyber-security (defined further below) certification.

Technical skills

You’re expected to have two to five years of experience in several of the following:

• IT experience minimum of 6 years with minimum of 4 years Cyber-Security/Information Security – must
• Threat Modeling (STRIDE, PASTA, Attack trees, tooling, Att&ck) – must.
• Identifying vulnerabilities using CWE or OWASP.
• Experience working in a cyber-security role - must.
• Security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security, network/segmentation – must.
• Operating systems and their hardening.
• Development concepts (such as: CICD, Pipelines, SDLC).
• Scripting languages, Infrastructure as Code (Terraform, CloudFormation) – must.
• Cloud Development Kit (CDK), GitOps.
• Operating in a DevOps / agile team structure.
• Jira or other ticketing systems – must.
• Understanding of docker/K8S/serverless/helm.
• Support or perform pen testing.
• Snowflake/MongoDB/Terraform Cloud/GitHub/Databricks.
• Design and review technical architectures – must.
• Strong proficiency in Programming Languages, with a preference for Python (asynchronous programming), and FastAPI (must).
• Unit Testing: Developing and executing unit tests using frameworks like Pytest to ensure code quality (must).
• Ensure all software platforms adhere to the clients security standards and Software Development Life Cycle (SDLC) processes (must).

Essential skills

• Analytical, diligence and attention to detail.
• Eagerness to research using vendor documentation.
• Create and maintain quality documentation.
• Experience of regulated environment.
• Adversary mindset.
• Work with diverse set of people and teams.
• Constant learner of new technologies and methodologies.
• Problem solver.
• Communication and collaboration skills.
• Builder of relationships across cross-functional teams.

Education

Bachelor's degree in computer related field or equivalent work experience.

Associate level cloud certification

• AWS Certified Developer
• AWS Certified Solutions Architect
• AWS Certified SysOps Administrator
• CompTIA Cloud+
• Google Associate Cloud Engineer or other professional GCP certification
• Oracle Cloud Infrastructure Certified Architect Associate
• Oracle Cloud Infrastructure Certified Cloud Operations Associate
• Microsoft Certified: Azure Developer Associate

Associate or professional cyber-security

• ISACA Certified Information Systems Auditor (CISA)
• GIAC Security Essentials (GSEC)
• ISC2 Systems Security Certified Practitioner (SSCP)
• CompTIA CySA+
• Microsoft Certified: Security Operations Analyst Associate;
• Information Protection Administrator Associate