Threat Modelling Engineer - GCP - Omiz Staffing Solutions (OSS) : Job Details

Job Title: Threat Modelling Engineer - GCP (Senior Associate, Technology)

Location: Dallas TX / New York City, NY Hybrid/ New Jersey/ Boston, Chicago, Arlington, Atlanta, Miami (3 days Onsite in a week, 2 days remote)

Secondary Focus: Boston, Chicago, Arlington, Atlanta

Salary: $160K

Duration: Fulltime

Job Description

• As a Senior Engineer - Threat Modelling you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients.
• This position entails an individual contributor role focused on Security Architecture and Threat Modelling, encompassing governance, evaluation of public cloud services, and conducting security reviews for Public Cloud Providers.
• Collaboration and partnership with Engineering, Information Security, Program Management, and Development teams are essential.
• The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies.

Your Impact

• Conduct thorough threat modeling exercises utilizing established methodologies and frameworks
• Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls.
• Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary.
• Deliver comprehensive threat models and related tasks within specified timeframes.
• Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process.
• Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders.

Qualifications

• We are seeking an ideal candidate with 8+ years of experience in a range of technologies and processes including:
• Proficiency in GCP - essential
• Strong knowledge of security architecture principles, frameworks, and best practices
• Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc.
• Overall experience in Cybersecurity: 5+ years
• Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation
• Knowledge of cloud security frameworks
• knowledge of Rest API
• Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)
• Familiarity with Jira or other ticketing systems – essential
• Technical architecture design and review skills – essential
• Ability to identify vulnerabilities using CWE or OWASP
• Knowledge of operating systems and their hardening techniques
• Understanding of development concepts such as CICD, Pipelines, and SDLC
• Penetration testing knowledge is also super useful
• Familiarity with Cloud Development Kit (CDK) and GitOps
• Experience operating in a DevOps/agile team environment
• Understanding of docker, Kubernetes, serverless architecture, and Helm
• Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks
• Strong analytical skills, diligence, and attention to detail
• Willingness to conduct research using vendor documentation
• Capability to create and maintain high-quality documentation
• Possession of an adversary mindset
• Continuous learning attitude towards new technologies and methodologies
• Strong problem-solving skills
• Excellent communication and collaboration abilities
• Ability to build and nurture relationships across cross-functional teams

Set Yourself Apart With

• Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
• Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer.
• Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
• Experience working in regulated environments
• Exposure to agile development, DevOps, SecOps and scrum teams
• Hands-on-experience with cloud security designs on Azure
• Development experience (python, Node)
• Strong desire to learn and contribute solutions and ideas to broader team.