Description

The Threat Modeling Specialist is responsible for identifying, analyzing, and mitigating potential security threats to the organization’s systems and applications. 
This role involves developing comprehensive threat models, conducting security assessments, and collaborating with cross-functional teams to enhance the organization’s security posture.


Roles & Responsibilities

Strong understanding of threat modeling methodologies (e.g., STRIDE, DREAD, PASTA).

Proficiency in using threat modeling tools (e.g., Microsoft Threat Modeling Tool, Threat Modeler, OWASP Threat Dragon).

In-depth knowledge of common security vulnerabilities (e.g., OWASP Top Ten, CVEs) and attack vectors.

Experience with secure software development practices and principles.

Develop and maintain detailed threat models for various systems, applications, and network architectures.

Identify potential threats, vulnerabilities, and attack vectors that could impact the organization’s assets.

Use structured methodologies and tools to create accurate and comprehensive threat models.

Conduct risk assessments to evaluate the likelihood and impact of identified threats.

Develop and recommend risk mitigation strategies and controls to address identified vulnerabilities.

Work with development and operations teams to implement security controls and ensure they are effective.

Perform security assessments, including vulnerability assessments and penetration testing.

Analyze assessment results to identify weaknesses and provide actionable recommendations for improvement.

Ensure that security assessments align with industry standards and best practices.

Collaborate with cross-functional teams, including developers, system administrators, and project managers, to integrate threat modeling into the development lifecycle.

Communicate findings and recommendations to stakeholders in a clear and concise manner.

Provide training and guidance to teams on threat modeling practices and security best practices.

Document threat models, risk assessments, and security recommendations in detailed reports.

Maintain an up-to-date repository of threat modeling artifacts and documentation.

Stay current with the latest security threats, vulnerabilities, and industry trends.

Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or specific threat modeling certifications.

Education

Any Graduate