MyPage is a personalized page based on your interests.The page is customized to help you to find content that matters you the most.


I'm not curious
1

Information Security Specialist- Cloud Threat Modeler

Location Toronto, United States
Posted 08-January-2022
Description
Job Description

Information Security Specialist - Cloud Threat Modeler

About This Role
Building Enterprise Level Azure Services - Paas

Information Security Specialist will be performing threat models for new and existing applications moving to the cloud. Information Security Specialist will Provide guide and advice for attacking and securing cloud applications. Providing developers and application stakeholders with the most accurate and update to date guidance on how to make their applications more secure. Help drive security standards and governance using automation wherever possible. Security Integration Engineering - help us build security into everything we do.
What were Looking For:

Information Security Specialist must have Strong, hands-on experience with Threat Modeling using one or more methodologies (e.g. Attack Trees, Persona non-grata, MSTM/Stride, PASTA) or performing Architecture Risk Analyses AppSec Testing - Hands-on Experience with one or more of SAST, DAST, Pen Testing, Open Source An engineering mindset: systems thinking and problem-solving focused. Experience working with DevOps, CI/CD, and building security into the pipeline. Experience with automation and scripting
Job Requirements

Advanced knowledge of securing cloud applications and platforms, specifically on Microsoft Azure . Demonstrated hands-on experience with threat modeling. Understanding of industry standards and frameworks (e.g. Cloud Control Matrix, NIST 800-39,53) Knowledge of OWASP, CIS Top 10 in Threat modeling, secure dev practices (DevSecOps) Strong knowledge and understanding of networking theory as well as SDN University Degree or equivalent combination of experience and education. 5-7 years of relevant AppSec and Threat Modeling experience. A firm commitment to staying informed and abreast of emerging issues, industry trends, etc. Sound to advanced knowledge of business, technology controls, security, and risk issues. Demonstrated ability to participate in projects of moderate to high complexity. Ability and commitment to serve as a subject matter expert on Readiness to participate in projects of moderate to high complexity and provide complex reporting, analysis, and assessments at the functional, business line or enterprise level. Information Security Certification / Accreditation an asset (e.g. CISSP, CCSP, etc.)
Must-Have

Threat modeling App Sec Knowledge of OWASP, CIS Top 10 in Threat modeling Azure Cloud Control Matrix
Nice To Have

Information Security Certification / Accreditation an asset (e.g. CISSP, CCSP, etc.) DevOps Pen Testing #tech
#LI-GW1
#LI-Remote

 
Awards & Accolades for MyTechLogy
Winner of
REDHERRING
Top 100 Asia
Finalist at SiTF Awards 2014 under the category Best Social & Community Product
Finalist at HR Vendor of the Year 2015 Awards under the category Best Learning Management System
Finalist at HR Vendor of the Year 2015 Awards under the category Best Talent Management Software
Hidden Image Url