Seeking multiple Cyber Security/Threat Modeling Engineers to my client on their dynamic, cross-functional team dedicated to delivering cutting-edge digital business transformation solutions for our clients. This is an individual contributor position with a strong focus on Security Architecture and Threat Modeling.
Salary: Senior Level: 140-160K Manager Level: 160-180K
Location: Hybrid role in Rutherford, NJ
Your Impact:- Lead and execute in-depth threat modeling exercises by leveraging established methodologies, frameworks, and industry best practices to identify vulnerabilities.
- Uphold a high standard of excellence and precision in recognizing potential threats and articulating effective, tailored mitigation strategies.
- Take ownership of the threat lifecycle management, ensuring threats and associated mitigation controls are continuously monitored, updated, and refined based on evolving risks and business needs.
- Deliver high-quality, comprehensive threat models and associated deliverables within established timelines, ensuring that the overall security posture is continuously strengthened.
- Provide actionable feedback, insights, and suggestions to refine and enhance the threat modeling process and overall security strategy, contributing to the team's continuous improvement.
- Regularly present findings, progress, and strategic recommendations to senior leadership, technical teams, and stakeholders, ensuring alignment with business objectives and security goals.
Qualifications: We are seeking a highly skilled and experienced professional with over 8 years of expertise in various technologies and processes, including:
- Proficiency in Google Cloud Platform (GCP) - a critical skill for this role.
- Extensive knowledge of security architecture principles, industry frameworks, and best practices for designing resilient and secure systems.
- Hands-on experience with advanced threat modeling methodologies, including MITRE ATT&CK, STRIDE, PASTA, and others, ensuring a holistic approach to threat identification and mitigation.
- 5+ years in Cybersecurity with an emphasis on building robust security architectures and threat management processes.
- Solid understanding of security practices, including authentication, authorization, encryption, logging/monitoring, network segmentation, and infrastructure security.
- Expertise in REST API security and their integration within secure architectures.
- Familiarity with scripting languages and Infrastructure as Code tools such as Terraform and CloudFormation, ensuring efficient and secure infrastructure management.
- Proficiency in Jira or other ticketing systems - a must-have for managing workflows and tracking security tasks.
- Strong technical architecture design and review skills, ensuring the alignment of security initiatives with system and application designs.
- Ability to identify vulnerabilities using established security databases and frameworks such as CWE or OWASP, and develop strategies to remediate them.
- Deep knowledge of operating systems, including advanced hardening techniques to bolster overall security resilience.
- Understanding of modern software development concepts such as CICD, Pipelines, and SDLC, ensuring security is seamlessly integrated into development processes.
- Practical experience with penetration testing, identifying security gaps and vulnerabilities in systems and applications.
- Familiarity with Cloud Development Kit (CDK) and GitOps methodologies, enabling efficient cloud-native development and deployment practices.
- Experience working within DevOps and agile teams, ensuring that security is integrated throughout the lifecycle of development and operations.
- Proficiency with Docker, Kubernetes, serverless architecture, and Helm, ensuring secure containerization and orchestration practices in cloud environments.
- Exposure to platforms like Snowflake, MongoDB, GitHub, Databricks, and others, adding depth to cloud-based security strategies.
- Excellent analytical and problem-solving skills, demonstrating a keen eye for detail in identifying and addressing complex security issues.
Set Yourself Apart With:- Professional Security Certifications such as CISSP, CCSP, CISA, CISM, or ITIL to demonstrate your expertise in the field.
- GCP Certifications such as GCP Professional Cloud Architect or GCP Professional Cloud Security Engineer are highly desirable, showcasing advanced cloud security knowledge.
- A solid understanding of industry security standards, including ISO, NIST, and Cloud Security Alliance (CSA) frameworks, to ensure compliance and best practices.
- Hands-on experience with cloud security designs and implementations specifically within the GCP ecosystem.