Cyber Security Analyst – Threat Modeling

Cyber Security Analyst Threat Modeling is responsible for performing security assessments for applications infrastructure and emerging technologies and guiding product / service teams in secure design of IT systems.

Position responsibilities include:

• Perform threat modeling for Enterprise and SaaS IT assets.
• Gain understanding of the business process application architecture IT infrastructure and interaction with external entities.
• Work with business application and supplier teams to perform in-depth threat assessments by leveraging methods such as STRIDE VAST Attack Tree etc.
• Provide subject matter expertise in assessing potential security threats in the application architecture and evaluate security controls to mitigate threats.
• Assess the risk of identified threats by evaluating likelihood and impact determine countermeasures and remediation.
• Apply Information Security Policy and industry security standards (E.g.: OWASP NIST CIS etc.) and guide application teams to help build secure products.
• Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated validated and implemented as required.
• Provide feedback for improving Threat Modeling tools and processes.
• Leverage industry best practices to continually improve process maturity.
• Promote awareness of security issues among application teams and business teams through training and awareness programs.
• Stay updated through continuous learning of emerging technologies like LLM ZTNA LCNC etc.

Skillset required:

• Experience in handling web application security risks - OWASP Top-10 E.g.: Injection attacks buffer overflow cross-site scripting etc.
• Skill to provide security controls guidance related to data usage processing storage and transmission.
• Knowledge of different Threat Modeling methodologies (E.g.: STRIDE VAST Attack Tree etc.).
• Knowledge of security assessment risk management processes cyber security threats vulnerabilities attack methods and techniques.
• Knowledge of organizations information security policies standards and procedures.
• Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality integrity availability authentication non-repudiation).
• Knowledge of network access cryptography cryptographic key management concepts identity and access management (e.g.: OAuth OpenID SAML).
• Knowledge of cloud security and API security.
• Knowledge of security assessment for Microservices architecture Databases (SQL/NoSQL) Google Cloud Platform resources like cloud storage Redis Pub/Sub and Cloud Run.
• Knowledge of computer networking and network security architecture concepts including topology protocols components and principles.
• Knowledge of laws regulations policies and ethics related to cybersecurity and privacy.
• Ability to evaluate information for reliability validity and relevance.
• Excellent analytical communication documentation and presentation skills.
• Knowledge of emerging technologies like AI/ML Zero Trust LCNC etc. and willingness to learn new technologies and concepts.
• Knowledge of Agile practices and SDLC
• Self-Starter who can work in ambiguous situations and drive to a solution.
• Strong interpersonal skills including ability to educate and influence.

Qualifications required:

• Bachelors degree in computer science Cyber Security or related field of study
• 2 years of experience in Cyber Security or related fields of IT.
• Knowledge on Security Framework such as NIST CSF ISO27001 OWASP Top-10 etc.
• Cyber security certifications like CISSP OSCP CEH Pentest are highly desirable.