About the role
Job Role-: Threat Modeling Location : Toronto, ON Hire Type-: Full Time
Job Description:
-
Conducts security risk assessments of applications with respect to design and implementation of system and application code
-
Develop and manage security governance processes and procedures for the threat modeling program and application security design & devsecops programs.
-
Assist in the development of threat modeling governance documentation.
-
Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
-
Develops reports for management concerning residual risk and non-compliance.
-
Monitor and track compliance with application owners to ensure implementation of security controls as planned.
-
Review issued security controls with application owners to ensure identified requirements are implemented.
-
Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
-
Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
-
Develop, Maintain, update and enhance secure design patterns and secure coding standards.
-
Develop, Maintain, update and enhance threat libraries.
-
Socialize secure design patterns and secure coding standards with engineering teams.
-
Assist application teams with threat modeling consultancy questions.
-
Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
-
Develop innovative attack techniques to foil protective design and in-place mitigations.
-
Participate in the development of strategies for information security processes and programs.
-
Support the investment decision process by developing business cases and cost benefit analysis
-
Create reports and other materials to assist in prioritizing activities related to various threats to applications.
-
Recommend resource types and skillsets required to resolve project and process issues.
-
Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data
-
Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
-
Develop and define IT and information security standardized metrics and criteria.
-
Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.
-
Facilitates Agile events that help the team deliver value incrementally and iteratively
-
Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.
-
Supports the team in achieving the PI objectives.
-
Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.
Minimum Requirements:
-
Bachelor's Degree in Computer Science, Information Systems, Business Administration or other related field
-
Certification may be required for specific functions
-
6-9 years of information security experience
-
Experience with gathering functional requirements, deployment of information security tools, and data analysis
-
In-depth experience with desktop software and office automation tools
-
Experience with information security risk management and process improvement Preferred Qualifications:
-
Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
-
Experience with application security controls (Web, API, Mobile, AI).
-
Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
-
Experience with Application Security design and DevSecOps
-
Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
-
Experience with Java, Javascript and mobile application development.
-
Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases
-
Experience with Cloud security, architecture, design, implementation, and operations
-
Exposure to IAM Controls (OAuth 2.0, OIDC, JWT)
-
Strong familiarity with Cryptography Controls (Data at rest, in motion).
-
CISSP, CISM, CSSLP, CISA, CRISC, OSCP
Not the right fit? Search for Threat Modeling jobs in Toronto, Ontario, Canada
About Epsilon Solutions Ltd.
Based in Toronto, Ontario, Epsilon Solutions Ltd. has been providing business and IT solutions throughout Canada since 2013. At Epsilon Solutions, we are cognizant that you have many choices when selecting an IT services company.
Epsilon Solutions delivers expert information technology consultants who can contribute to a fast-paced and ever-changing technological world. Whether you need to accelerate your IT projects or get your career moving full speed ahead, Epsilon Solutions helps you achieve success.
Our IT talent management expertise ensures you attract, develop and retain the best IT professionals required to achieve your business targets better, faster and more cost-effectively. With over 50+ employees, we deploy more than 900+ technical professionals annually to support critical engagements, including Fortune 500.
We strive to differentiate ourselves by providing a level of service unparalleled in the industry.
Dedicated Account Managers who serve as your single point of contact Experienced Technical Recruiters qualify candidates based on your requirements. Trained professional staff who stay abreast of emerging technologies A flexible business approach to work within your guidelines The selective and confidential recruiting process Access to passive job seekers
We meet you where you are and take you where you want to go—the way you want to get there.
Our services can scale from staff augmentation to fully outsourced services, depending on the level of responsibility you want us to assume. Additionally, we can leverage our global delivery models to ensure cost-competitive solutions without sacrificing quality outcomes.
Similar Jobs
About the role
Job Role-: Threat Modeling Location : Toronto, ON Hire Type-: Full Time
Job Description:
-
Conducts security risk assessments of applications with respect to design and implementation of system and application code
-
Develop and manage security governance processes and procedures for the threat modeling program and application security design & devsecops programs.
-
Assist in the development of threat modeling governance documentation.
-
Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
-
Develops reports for management concerning residual risk and non-compliance.
-
Monitor and track compliance with application owners to ensure implementation of security controls as planned.
-
Review issued security controls with application owners to ensure identified requirements are implemented.
-
Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
-
Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
-
Develop, Maintain, update and enhance secure design patterns and secure coding standards.
-
Develop, Maintain, update and enhance threat libraries.
-
Socialize secure design patterns and secure coding standards with engineering teams.
-
Assist application teams with threat modeling consultancy questions.
-
Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
-
Develop innovative attack techniques to foil protective design and in-place mitigations.
-
Participate in the development of strategies for information security processes and programs.
-
Support the investment decision process by developing business cases and cost benefit analysis
-
Create reports and other materials to assist in prioritizing activities related to various threats to applications.
-
Recommend resource types and skillsets required to resolve project and process issues.
-
Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data
-
Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
-
Develop and define IT and information security standardized metrics and criteria.
-
Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.
-
Facilitates Agile events that help the team deliver value incrementally and iteratively
-
Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.
-
Supports the team in achieving the PI objectives.
-
Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.
Minimum Requirements:
-
Bachelor's Degree in Computer Science, Information Systems, Business Administration or other related field
-
Certification may be required for specific functions
-
6-9 years of information security experience
-
Experience with gathering functional requirements, deployment of information security tools, and data analysis
-
In-depth experience with desktop software and office automation tools
-
Experience with information security risk management and process improvement Preferred Qualifications:
-
Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
-
Experience with application security controls (Web, API, Mobile, AI).
-
Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
-
Experience with Application Security design and DevSecOps
-
Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
-
Experience with Java, Javascript and mobile application development.
-
Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases
-
Experience with Cloud security, architecture, design, implementation, and operations
-
Exposure to IAM Controls (OAuth 2.0, OIDC, JWT)
-
Strong familiarity with Cryptography Controls (Data at rest, in motion).
-
CISSP, CISM, CSSLP, CISA, CRISC, OSCP
Not the right fit? Search for Threat Modeling jobs in Toronto, Ontario, Canada
About Epsilon Solutions Ltd.
Based in Toronto, Ontario, Epsilon Solutions Ltd. has been providing business and IT solutions throughout Canada since 2013. At Epsilon Solutions, we are cognizant that you have many choices when selecting an IT services company.
Epsilon Solutions delivers expert information technology consultants who can contribute to a fast-paced and ever-changing technological world. Whether you need to accelerate your IT projects or get your career moving full speed ahead, Epsilon Solutions helps you achieve success.
Our IT talent management expertise ensures you attract, develop and retain the best IT professionals required to achieve your business targets better, faster and more cost-effectively. With over 50+ employees, we deploy more than 900+ technical professionals annually to support critical engagements, including Fortune 500.
We strive to differentiate ourselves by providing a level of service unparalleled in the industry.
Dedicated Account Managers who serve as your single point of contact Experienced Technical Recruiters qualify candidates based on your requirements. Trained professional staff who stay abreast of emerging technologies A flexible business approach to work within your guidelines The selective and confidential recruiting process Access to passive job seekers
We meet you where you are and take you where you want to go—the way you want to get there.
Our services can scale from staff augmentation to fully outsourced services, depending on the level of responsibility you want us to assume. Additionally, we can leverage our global delivery models to ensure cost-competitive solutions without sacrificing quality outcomes.