Threat Modeler Application Security Architect

TL;DR

Threat Modeler Application Security Architect: Threat modeling applications, services, and platforms with an accent on identifying and prioritizing threats and applying mitigating controls. Focus on designing threat models, collaborating with cross-functional teams, and reviewing security mitigations.

Location: Onsite/Hybrid (Iselin, NJ, USA)

Company

hirify.global provides staffing services and is hiring for a W2 contract role with a large client.

What you will do

• Collaborate with application, service, and platform teams to understand architectures.
• Model architectures using threat modeling tools and methodologies.
• Identify, prioritize, and propose mitigations for security threats.
• Review evidence of threat mitigations including designs and source code.
• Publish and present threat modeling results.
• Work with Cybersecurity Architecture to create new mitigating controls.

Requirements

• Location: Onsite/Hybrid in Iselin, NJ, USA
• Work authorization: W2 contract only, no C2C
• 4+ years in Systems Architecture or Development.
• 3+ years cybersecurity experience or equivalent.
• 1+ years engineering experience with Azure, GCP, or AWS.
• 1+ years Python programming experience.
• Proficiency in at least one threat modeling methodology (STRIDE, PASTA, OCTAVE, LINDDUN, VAST).
• Experience with Threat Modeler, Microsoft Threat Modeling tool, or OWASP Threat Dragon.
• Understanding of OWASP Top 10, CAPEC, MITRE ATTACK, and Secure Design principles.

Nice to have

• Security and cloud certifications such as CISSP, CCSP, Azure, GCP, or AWS certifications.
• 3+ years leading Architecture Risk Reviews and building threat models.
• Experience with Threat Modeling GenAI and Threat modeling-as-a-Code (TaaC).