Application Threat Modeling Engineer : onsite Phoenix : 60 per HR at Remote, Remote, USA
From: Jay, Brillius

Threat modeling engineer

Seeking an Application Threat Modeling Engineer with proven strong technical competence in developing, building and maintaining secure design & secure coding patterns. The Application Threat Modeling Engineer serves as a subject matter expert in developing comprehensive security requirements across a diverse number of technology stacks.

The Application Threat Modeling Engineer supports the security champion practice by evangelizing secure design and secure coding controls.

Primary Responsibilities

* Design, develop and maintain comprehensive secure design patterns.
* Design, develop and maintain secure coding standards.
* Maintain, update and enhance threat libraries.
* Socialize secure design patterns and secure coding standards with engineering teams.
* Review issued threat-based requirements with application owners to ensure identified requirements are implemented.
* Perform ongoing governance and follow-through with application owners to ensure implementation of issued threat-based requirements.
* Assist application owners in filing appropriate security standard exceptions (Identity, Cryptography & Application Security) as identified through threat modeling.
* Validate implementation of threat-based countermeasures against outputs of scanning tools to enable auditability and verifiability.
* Bring feedback loops to core team of threat modelers where customized or manual threat modeling may need to be invoked.
* Assist application teams with threat modeling consultant
* Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.

Education

Bachelor's degree in computer science, information systems, cybersecurity, or a related field.

Security and Technical Experience

* Direct hands-on experience with application threat modeling.
* Direct hands-on experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
* Direct hands-on experience with application security controls (Web, API and Mobile).
* Strong familiarity with IAM Controls (OAuth 2.0, OIDC, JWT).
* Strong familiarity with Cryptography Controls (Data at rest, in motion).
* Experience with Industry Standards and Frameworks: NIST 800-53, CSF, OWASP ASVS.
* Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
* Experience with Java, JavaScript and mobile application development.
* Full stack knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases.

Preferred Security Certifications

CISSP, SANS GIAC

Key Behaviors/Competencies

* Self-directed, Confident Team Player
* Strong Technical Thinker
* Strong Planning, Execution and Collaborative skills
* Communication skills - Good verbal and written communication skills. Ability to document risk and control summary artifacts that translate complex threat models into easy-to-read reports for the business.
* Openness to Learning: Takes personal responsibility for learning and upskilling. Acquires strategies for gaining new knowledge, behaviors and skills. Builds on and applies existing knowledge. Engages in learning from others, inside and outside the organization.
* Adaptability: Demonstrates flexibility within a variety of changing situations, while working with individuals and groups. Changes his or her own ideas or perceptions in response to changing circumstances.

Thu Aug 24 22:00:00 UTC 2023
