Senior Threat Modeler

Deloitte

London

Role: Senior Threat Modeler

Location: London / Belfast

Start Date: ASAP

End Date: 6 Months

Daily Rate: Competitive Day Rate, Inside IR35

Payroll provider – Rockford Payroll Info for Contingent Workers – Rockford Pay

Responsibilities

Threat Modeling using a documented process.
Development of automation tools as required.
Maintain a high standard of work in identifying threats and specifying mitigating controls.
Attending to the lifecycle of identified threats and controls.
Delivery of threat models and supporting tasks within existing timeframes.
Provide feedback, support, and improvements to the existing threat modeling process.
Present work to seniors, the team, and other technical teams.
Train newer members of the team
Supervise junior members of the team
Run parts of our threat model service
Work with little supervision to complete work
Develop, test, and deploy secure and efficient Python-based applications, adhering to established SDLC processes and quality standards.

Certification Requirements

You’re expected to have a professional level cloud certification (defined further below) from either AWS, GCP or Azure.
You’re expected to have a vendors cloud security certification (defined further below) from either AWS, GCP or Azure.
You’re expected to have a professional cyber-security certification (defined further below).

Technical skills

You’re expected to have five or more years of experience in several of the following:
IT experience minimum of 10 years with minimum of 4 years Cyber-Security/Information Security – must
Threat Modeling (STRIDE, PASTA, Attack trees, tooling, Att&ck) – must.
Identifying vulnerabilities using CWE or OWASP.
Experience working in a cyber-security role - must.
Security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security, network/segmentation – must .
Operating systems and their hardening.
Development concepts (such as: CICD, Pipelines, SDLC) – must.
Scripting languages, Infrastructure as Code (Terraform, CloudFormation) – must.
Cloud Development Kit (CDK), GitOps.
Operating in a DevOps / agile team structure.
Jira or other ticketing systems.
Understanding of docker/K8S/serverless/helm – must .
Support or perform pen testing.
Snowflake/MongoDB/Terraform Cloud/GitHub/Databricks.
Design and review technical architectures.
Strong proficiency in Programming Languages, with a preference for Python (asynchronous programming), and FastAPI (must).
Unit Testing: Developing and executing unit tests using frameworks like Pytest to ensure code quality (must).
Ensure all software platforms adhere to the client’s security standards and Software Development Life Cycle (SDLC) processes (must).

Essential Skills

Education

Professional level cloud certification

AWS Certified Solutions Architect, AWS Certified DevOps Engineer
Google Cloud Architect, Cloud Developer, Data Engineer, Network Engineer, and more
Oracle Cloud Infrastructure Certified Architect Professional, Oracle Cloud Infrastructure HPC and Big Data Solutions Associate
Microsoft Certified: Azure Solutions Architect Expert

Cloud security certification

Professional cyber-security certification

ISACA Certified Information Security Manager (CISM)
GIAC Certified Enterprise Defender (GCED), GIAC Certified Intrusion Analyst (GCIA), GIAC Open Source Intelligence (GOSI)
ISC2 Certified Information Systems Security Professional (CISSP)
CompTIA CASP+, CompTIA PenTest+
Microsoft Certified: Identity and Access Administrator Associate