Job Description

Role Purpose

The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats

͏

Threat Modelling

• Hands-on experience in Security Testing.
• Strong experience in Threat Modelling and Security Risk Assessment
• Enterprise Reference Architecture: define threat modeling reference patterns for common architectures (microservices, APIs, event-driven, cloud).
  Threat-Informed Integration: integrate ATT&CK-informed scenarios and control validation into design-time practices.
• Align threat modeling with broader security architecture (Zero Trust, IAM, monitoring).
• Aware of common methodologies such as Dread and Stride, PASTA etc
• Set up Threat Modelling Process,
• On-board Client Applications for Threat Modelling,
• Execute Threat Modelling, (Identify Threat vectors using automated / manual methods, create the threat model and publish to stake holders)
• Explain the Results with the end client developers,
• Remediation Support,
• Remediation Co-ordination
• Cloud Security Knowledge is a good to have
• Very good knowledge on OWASP security standards. Deep understanding of common security vulnerabilities.
• Very good presentation skill. Strong communication and good customer handling skill.
• Should be capable of understanding customer requirement for security testing.
• Capable of providing security solutions to the customer for complex security testing/risk requirement.
• Automation Strategy: define tool integrations (repo, CI gates, KB/RAG) and quality controls for scaling.Key Deliverables:

• Enterprise threat modeling framework, reference architectures, and multi-quarter roadmap.
• Control validation and assurance framework with KPIs/KRIs.
• Executive briefings and decision memos."

͏

͏

͏