Application Security Architect (Threat Modeling)
Job description
TL;DR
Application Security Architect (Threat Modeling): Designing and implementing architecture-driven threat models for enterprise-scale applications and cloud environments, with an emphasis on identifying attack paths and pragmatic risk mitigation. Focus on decomposing complex systems, applying STRIDE/PASTA/VAST methodologies, and validating security controls across distributed microservices.
Location: Hybrid (3 days onsite / 2 remote) in Charlotte, NC; Raleigh, NC; Irving (Dallas), TX; or Columbus, OH
Company
is a professional staffing firm providing high-level technical expertise for enterprise-scale security and engineering initiatives.
What you will do
- Perform architecture-driven threat modeling across enterprise applications and cloud platforms.
- Decompose systems into components, data flows, and trust boundaries using STRIDE, PASTA, or VAST.
- Identify and prioritize threats based on real-world risk and exploitability using tools like ThreatModeler or OWASP Threat Dragon.
- Validate security controls through architecture reviews, configuration audits, and code analysis.
- Recommend practical design-level mitigations and present findings to engineering teams and risk stakeholders.
- Collaborate with cybersecurity and platform teams to improve enterprise-wide security patterns and controls.
Requirements
- 6+ years of experience in software engineering, systems architecture, or platform engineering.
- 2+ years of experience specifically in application security or threat modeling.
- Hands-on experience with threat modeling methodologies (STRIDE, PASTA, VAST) and tools (ThreatModeler, OWASP Threat Dragon, Microsoft TMT).
- Strong understanding of distributed systems, microservices, and cloud platforms (AWS, Azure, or GCP).
- Ability to analyze code, configurations, and Infrastructure as Code (IaC) artifacts.
- Scripting experience using Python.
Nice to have
- Experience leading enterprise threat modeling programs or utilizing Threat Modeling as Code (TaaC).
- Background in cloud-native, event-driven architectures, or AI/GenAI systems security.
- Industry certifications such as CISSP, CCSP, or cloud-provider certifications (AWS/Azure/GCP).
- Experience working within large, regulated enterprise environments.