We are searching for a Lead Threat Modeling Architect in the Security Center of Excellence for PC and Smart Devices business (PCSD). This is an exciting role where you will be leading the Threat Modeling team that supports our global development teams. You will be working alongside some of the best security teams in the industry.
Leads threat modeling training, workshops, and collaborative sessions for a wide array of products and services.
Partner with multiple international development teams across business units gaining in-depth knowledge of many products in order to design threat models and security architecture solutions for them in order to reduce the attack surface and lower the risk profiles of our products.
Lead training for global development teams related to threat modeling techniques and our threat modeling tools so that they become partners with the security organization to create, review and maintain threat models for products.
Champion threat modeling practices within the development teams, promoting best industry practices.
Develop meaningful metrics for threat modeling and use them to track improvements made to the cybersecurity posture of our product lines.
Remain current in the latest security technologies, methodologies, and best practices, especially as it relates to threat modeling.
Bachelor’s degree or higher in cyber security or related discipline.
3+ years of experience creating, maintaining, and reviewing threat models for application development teams, leading threat modeling activities.
3+ years’ experience in Security Architecture assessments of all types
3+ years’ experience with threat modeling practices, tools, and techniques.
7+ years of experience creating, maintaining, and reviewing threat models for application development teams, leading threat modeling activities.
In-depth knowledge of security concepts and design techniques relating to cloud/web application, IOT, client and mobile applications.
Proficiency in software development practices, release planning, and quality assurance.
Proficient in STRIDE analysis method.
Expert-level skills with the Threat Modeler Tool.
Practical experience in Secure Development Lifecycle, DevSecOps.
Familiarity with security and privacy frameworks, standards and regulations like GDPR, CCPA, CSA STAR, ISO 27000 series, NIST, etc.
Strong learning ability, strong self-drive, good adaptability and passion for security.
Strong communication skills in English
Multiple Industry security certifications such as CISSP, CCSLP, SANS-GGWEB (or other SANS certs) desired.