Threat Modeling Consultant - Toronto, Canada - Aforce solutions

Aforce solutions
Toronto, Canada

3 weeks ago

Posted by:

Sophia Lee

beBee Recruiter


Description

Role:
THREAT MODELING CONSULTANT


Location:
Toronto, ON


Hybrid Role - 3 Days Onsite

Duration: 12 Months Contract

JOB DESCRIPTION:


  • Provide security advisory services to technology and business teams.
  • Perform security assessments for technical solution designs.
  • Identify threat scenarios and evaluate risk rating based on a thorough review of the solution design by working closely with SMEs.
  • Track and remediate design flaws identified by the Threat Model process.
  • Ensure onboarding of appropriate security services by the project, e.g. automated security scanning, MFA, SIEM onboarding etc.
  • Manage design security flaws tracking and escalate outstanding risks as required.
  • Manage security risks for assigned portfolio to ensure that action/mitigation plans are defined and actioned in time.
  • Support Threat modeling and solution design security process improvements.

KNOWLEDGE/SKILL REQUIREMENTS

  • A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
  • At least five (5) years of information security and information risk experience.
  • Experience in performing Threat modeling is required.
  • Experience and deep understanding of hybrid cloud technologies is required.
  • Experience in performing IT security risk assessments is required.
  • Experience in developing risk mitigation recommendations is required.
  • Experience and ability to document security architecture views and threat modeling analysis (i.e. attack trees, sequence flow diagrams, Data Flow Diagrams etc.) for various technology designs.
  • Understanding and experience in Application Security frameworks is required e.g. OWASP.
  • Understanding of CI/CD pipeline and approaches to automate security testing is an asset.
  • Understanding of API security is an asset.
  • The following certifications are preferred: CCSP, SABSA, CCSK, CISM, CISSP, or CRISC.
  • Understanding and experience with TOGAF, OWASP, SAMM, MITRE ATT&CK, BSIMM, NIST, ISO 27K series is an asset.
  • Experience working in a banking or financial services environment is an asset.

ACCOUNTABILITY

  • The Senior Threat Modeling Analyst works under the direct management of the Manager, Threat Modeling.
  • The incumbent is expected to provide technical leadership and guidance to colleagues within the department.
  • The incumbent is accountable for formulating, developing and drafting security guidelines and other relevant documents while liaising with the concerned stakeholders to ensure that the Information Security concerns are amicably addressed and their buy-in is obtained.
  • The incumbent is accountable for managing security risk throughout the lifecycle: from identifying the security risk, to explaining it to the relevant stakeholders and getting their buy-in for remediation, to tracking the closure of the weaknesses/risks to the organization.
  • The incumbent is accountable for ensuring regulatory and Corporate Cyber Security policy compliance for initiatives, projects, or designs that they assess.
  • The incumbent is responsible for triggering security services onboarding for the respective security teams e.g. SIEM onboarding by the Cyber Defense center, or SSO/MFA by the IAM team.
  • The incumbent is responsible for tracking, monitoring, and reporting on status of design flaw findings and ensuring accurate data is maintained in the design flaw database.
  • This position is required to work with internal and external audit and compliance related teams and partners on an as needed basis.
  • The incumbent is accountable for ensuring that the information security controls identified and agreed for implementation have been properly implemented/embedded within the Information technology systems and operations. Non-implementation may result in the organization being exposed to cyber threats.

Job Type:
Fixed term contract


Salary:
$70.00-$80.00 per hour


Schedule:

  • 8 hour shift
