Threat Modeler

Covetus

Irving

Description

Job Title: Threat Modeler

Location: Irving, TX/Jersey City, NJ/Tampa, FL

Employment type: Type: Full Time Onsite

(Note: We are considering full Time only, please do not apply those candidates who are seeking jobs for C2C and C2H roles)

Job Description:

Must Have Technical/Functional Skills

• IT experience minimum of 6 years with minimum of 4 years Cyber-Security/Information Security – must

• Threat Modeling (STRIDE, PASTA, Attack trees, tooling, Att&ck) – must.

• Identifying vulnerabilities using CWE or OWASP.

• Experience working in a cyber-security role - must.

• Security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security,

network/segmentation – must.

• Operating systems and their hardening.

• Development concepts (such as: CICD, Pipelines, SDLC).

• Scripting languages, Infrastructure as Code (Terraform, CloudFormation) – must.

• Cloud Development Kit (CDK), GitOps.

• Operating in a DevOps / agile team structure.

• Jira or other ticketing systems – must.

• Understanding of docker/K8S/serverless/helm.

• Support or perform pen testing.

• Snowflake/MongoDB/Terraform Cloud/GitHub/Databricks.

• Design and review technical architectures – must.

Roles & Responsibilities:

• Threat Modeling using a documented process.

• Development of automation tools as required.

• Maintain a high standard of work in identifying threats and specifying mitigating controls.

• Attending to the lifecycle of identified threats and controls.

• Delivery of threat models and supporting tasks within existing timeframes.

• Provide feedback, support, and improvements to the existing threat modeling process.

• Present work to seniors, the team, and other technical teams.

• Work with little supervision to complete work

Bachelor's degree in computer related field or equivalent work experience.

Associate level cloud certification:

•AWS Certified Developer, AWS Certified Solutions Architect, AWS Certified SysOps Administrator

•CompTIA Cloud+

•Google Associate Cloud Engineer or other professional GCP certification

•Oracle Cloud Infrastructure Certified Architect Associate, Oracle Cloud Infrastructure Certified Cloud Operations Associate

•Microsoft Certified: Azure Developer Associate

Associate or professional cyber-security:

•ISACA Certified Information Systems Auditor (CISA)

•GIAC Security Essentials (GSEC)

•ISC2 Systems Security Certified Practitioner (SSCP)

•CompTIA CySA+

•Microsoft Certified: Security Operations Analyst Associate; Information Protection Administrator A ssociate