About the role
Key Responsibility: Conducts security risk assessments of applications with respect to design and implementation of system and application code.
- Develop and manage security governance processes and procedures for the threat modeling program and application security design & devsecops programs.
- Assist in the development of threat modeling governance documentation.
- Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
- Develops reports for management concerning residual risk and non-compliance.
- Monitor and track compliance with application owners to ensure implementation of security controls as planned.
- Review issued security controls with application owners to ensure identified requirements are implemented.
- Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
- Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
- Develop, maintain, update and enhance secure design patterns and secure coding standards.
- Develop, maintain, update and enhance threat libraries.
- Socialize secure design patterns and secure coding standards with engineering teams.
- Assist application teams with threat modeling consultancy questions.
- Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
- Develop innovative attack techniques to foil protective design and in-place mitigations.
- Participate in the development of strategies for information security processes and programs.
- Support the investment decision process by developing business cases and cost-benefit analyses.
- Create reports and other materials to assist in prioritizing activities related to various threats to applications.
- Recommend resource types and skillsets required to resolve project and process issues.
- Document current and desired future state capabilities, incorporating industry-leading technologies that enhance AXP's ability to manage IT risk and protect data.
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
- Develop and define IT and information security standardized metrics and criteria.
- Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.
- Facilitates Agile events that help the team deliver value incrementally and iteratively.
- Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.
- Supports the team in achieving the PI objectives.
- Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.
Preferred Qualifications:
- Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
- Experience with application security controls (Web, API, Mobile, AI).
- Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
- Experience with Cloud security, architecture, design, implementation, and operations.
- Exposure to IAM Controls (OAuth 2.0, OIDC, JWT)
- Strong familiarity with Cryptography Controls (Data at rest, in motion).
- CISSP, CISM, CSSLP, CISA, CRISC, OSCP
About Atos
Atos is the services brand of Atos Group, delivering AI-powered, secure and end-to-end digital services to public and private organizations worldwide. Atos designs, builds and runs digital environments that are critical to performance, resilience and sovereignty, helping clients keep control of their data, infrastructure and compliance, with clear accountability from strategy to operations. With more than 54,000 people serving 4,500+ clients in 54 countries, Atos helps modernize core IT, accelerate cloud and data transformation, strengthen cybersecurity and enable secure digital workplaces, delivering impact for clients, employees and society at large. Atos offers end-to-end IT services across the cloud, cybersecurity, data and AI, application services, smart platforms and digital workplace, as well as localized consulting and advisory services under its brand Atos Amplify. Atos is trusted to operate complex, business-critical environments, especially in regulated and sovereign contexts.
Atos Group is a global leader in digital transformation with c. 56,000 employees and annual revenue of c. €7.2 billion (at the go-forward perimeter), operating in 54 countries under two brands - Atos for services and Eviden for products and systems. European number one in cybersecurity and a leader in cloud, Atos Group is committed to a secure and decarbonized future and provides tailored AI-powered, end-to-end solutions for all industries. Atos Group is listed on Euronext Paris.