Threat Modeler Security Architect – AI Security, Cloud & DevSecOps


Job Location:

Toronto - Canada

Monthly Salary: K 10 - 10
Experience Required: 5years
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

Threat Modeler / Security Architect AI Security Cloud & DevSecOps

Must Have Technical/Functional Skills

Security Architecture & Threat Modeling

Threat Modeler and Security Architect with a strong development background.
Experience in Artificial Intelligence Machine Learning and Data Science with expertise in enterprise architecture AI product security and digital transformation.
Strong hands-on experience with cloud-native architectures including AWS and GCP.
Experience with secure AI system development AI governance and cybersecurity best practices.
Experience with threat modeling frameworks attack vectors and vulnerability analysis including:
CAPEC
ATT&CK
STRIDE

Application Security & DevSecOps

Experience with application security controls across:
Web applications
APIs
Mobile applications
AI systems
Knowledge of security frameworks and standards including:
NIST 800-53
NIST Cybersecurity Framework (CSF)
OWASP ASVS
Experience with Application Security design and DevSecOps practices.
Full-stack knowledge of application architectures including:
Single Page Applications
REST APIs
SOAP APIs
Mobile applications
Experience with:
Java
JavaScript
Mobile application development

Database Cloud & Identity Security

Knowledge of database architectures including:
Oracle
SQL
DB2
NoSQL databases
Experience with cloud security architecture design implementation and operations.
Exposure to IAM controls including:
OAuth 2.0
OIDC
JWT
Strong understanding of cryptography controls:
Data at rest
Data in motion

Certifications

Preferred certifications:
CISSP
CISM
CSSLP
CISA
CRISC
OSCP

Key Responsibilities

Threat Modeling & Security Assessment

Conduct security risk assessments of applications based on system design and application code implementation.
Develop and manage security governance processes and procedures for:
Threat modeling programs
Application security design
DevSecOps programs
Assist in developing threat modeling governance documentation.
Develop reports for management related to:
Residual risk
Non-compliance
Review security controls with application owners to ensure requirements are implemented.
Validate security control implementation against scanning tool outputs to support auditability and verification.

Security Governance & Compliance

Work with information security leadership to develop strategies and plans to enforce threat modeling and address control gaps.
Monitor and track compliance with application owners to ensure security controls are implemented as planned.
Assist application teams with security standard exceptions identified through threat modeling.
Develop and define security metrics and criteria for information security programs.

Secure Design & Engineering Enablement

Develop maintain update and enhance:
Secure design patterns
Secure coding standards
Threat libraries
Socialize secure design patterns and secure coding standards with engineering teams.
Provide threat modeling consultation and guidance to application teams.
Enable strong developer and customer experience while collaborating with application teams.
Develop innovative attack techniques to evaluate protective designs and existing mitigations.

Security Strategy & Architecture

Participate in developing strategies for information security processes and programs.
Document current and future state security capabilities using industry-leading technologies to improve IT risk management and data protection.
Provide security awareness and education on industry trends efforts and statistics.
Recommend resource types and skillsets required to address security project and process challenges.
Support investment decisions through business cases and cost-benefit analysis.

Agile Delivery & Collaboration

Facilitate Agile events to help teams deliver value incrementally and iteratively.
Support Program Increment (PI) execution through team-level events and collaboration with Release Train Engineers (RTE).
Support teams in achieving PI objectives.
Provide consultation and advice to assess information security risks and implement controls to protect intellectual property and sensitive data.





Required Skills:

Sailpoint

Threat Modeler / Security Architect AI Security Cloud & DevSecOpsMust Have Technical/Functional SkillsSecurity Architecture & Threat Modeling Threat Modeler and Security Architect with a strong development background. Experience in Artificial Intelligence Machine Learning and Data Science with exp...