Threat Modeler

Deloitte

London Area, United Kingdom

Description

Role: Threat Modeler

Location: London / Belfast

Start Date: ASAP

End Date: 6 Months

Daily Rate: Competitive Day Rate, Inside IR35

Payroll provider – Rockford Payroll Info for Contingent Workers – Rockford Pay

Responsibilities

  • Threat Modeling using a documented process.
  • Development of automation tools as required.
  • Maintain a high standard of work in identifying threats and specifying mitigating controls.
  • Attending to the lifecycle of identified threats and controls.
  • Delivery of threat models and supporting tasks within existing timeframes.
  • Provide feedback, support, and improvements to the existing threat modeling process.
  • Present work to seniors, the team, and other technical teams.
  • Work with little supervision to complete work
  • Develop, test, and deploy secure and efficient Python-based applications, adhering to established SDLC processes and quality standards.

Certification Requirements

  • You’re expected to have an associate level cloud certification (defined further below) from either AWS, GCP or Azure.
  • You’re expected to have an associate or professional cyber-security (defined further below) certification.

Technical skills

You’re expected to have two to five years of experience in several of the following:

  • IT experience minimum of 6 years with minimum of 4 years Cyber-Security/Information Security – must
  • Threat Modeling (STRIDE, PASTA, Attack trees, tooling, Att&ck) – must.
  • Identifying vulnerabilities using CWE or OWASP.
  • Experience working in a cyber-security role - must.
  • Security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security, network/segmentation – must.
  • Operating systems and their hardening.
  • Development concepts (such as: CICD, Pipelines, SDLC).
  • Scripting languages, Infrastructure as Code (Terraform, CloudFormation) – must.
  • Cloud Development Kit (CDK), GitOps.
  • Operating in a DevOps / agile team structure.
  • Jira or other ticketing systems – must.
  • Understanding of docker/K8S/serverless/helm.
  • Support or perform pen testing.
  • Snowflake/MongoDB/Terraform Cloud/GitHub/Databricks.
  • Design and review technical architectures – must.
  • Strong proficiency in Programming Languages, with a preference for Python (asynchronous programming), and FastAPI (must).
  • Unit Testing: Developing and executing unit tests using frameworks like Pytest to ensure code quality (must).
  • Ensure all software platforms adhere to the clients security standards and Software Development Life Cycle (SDLC) processes (must).

Essential skills

  • Analytical, diligence and attention to detail.
  • Eagerness to research using vendor documentation.
  • Create and maintain quality documentation.
  • Experience of regulated environment.
  • Adversary mindset.
  • Work with diverse set of people and teams.
  • Constant learner of new technologies and methodologies.
  • Problem solver.
  • Communication and collaboration skills.
  • Builder of relationships across cross-functional teams.

Education

  • Bachelor's degree in computer related field or equivalent work experience.

Associate level cloud certification

  • AWS Certified Developer, AWS Certified Solutions Architect, AWS Certified SysOps Administrator
  • CompTIA Cloud+
  • Google Associate Cloud Engineer or other professional GCP certification
  • Oracle Cloud Infrastructure Certified Architect Associate, Oracle Cloud Infrastructure Certified Cloud Operations Associate
  • Microsoft Certified: Azure Developer Associate

Associate or professional cyber-security

  • ISACA Certified Information Systems Auditor (CISA)
  • GIAC Security Essentials (GSEC)
  • ISC2 Systems Security Certified Practitioner (SSCP)
  • CompTIA CySA+
  • Microsoft Certified: Security Operations Analyst Associate; Information Protection Administrator Associate