Threat Modeler with Dev Background
About the role
Inclusion without Exception
Tata Consultancy Services (TCS) is an equal opportunity employer, and embraces diversity in race, nationality, ethnicity, gender, age, physical ability, neurodiversity, and sexual orientation, to create a workforce that reflects the societies we operate in. Our continued commitment to Culture and Diversity is reflected in our people stories across our workforce and implemented through equitable workplace policies and processes.
Tata Consultancy Services (BSE: 532540, NSE: TCS) is the technology partner of choice for industry-leading organizations worldwide. Since its inception in 1968, TCS has upheld the highest standards of innovation, engineering excellence and customer service. It has set an aspiration to become the world's largest AI-led technology services company and is enabling its clients to transform themselves across the full AI stack, from infrastructure to intelligence.
Rooted in the heritage of the Tata Group, TCS is focused on creating long term value for its clients, its investors, its employees, and the community at large. With a highly skilled workforce spread across 56 countries and 194 service delivery centers across the world, the company has been recognized as a top employer in six continents. With the ability to rapidly apply and scale new technologies, the company has built long term partnerships with its clients. Many of these relationships have endured into decades and navigated every technology cycle, from mainframes in the 1970s to artificial intelligence today.
Job Description:-
Must Have Technical/Functional Skills
Threat Modeler, Security Architect with Development background Artificial Intelligence, Machine Learning & Data Science professional with experience in enterprise architecture, AI product security, and digital transformation. Strong hands-on expertise in cloud-native architectures (AWS/GCP), threat modeling, secure AI system development, and AI governance. Led mission-critical initiatives with cross-functional teams, aligning product innovation with cybersecurity best practices and compliance standards.
Roles & Responsibilities
Threat Modeler, Security Architect with Development background Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE. Experience with application security controls (Web, API, Mobile, AI). Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.- Experience with Application Security design and DevSecOps Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.- Experience with Java, Javascript and mobile application development. Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases Experience with Cloud security, architecture, design, implementation, and operations- Exposure to IAM Controls (OAuth 2.0, OIDC, JWT) Strong familiarity with Cryptography Controls (Data at rest, in motion).- CISSP, CISM, CSSLP, CISA, CRISC, OSCP
Generic Managerial Skills, If any
Conducts security risk assessments of applications with respect to design and implementation of system and application code
- Develop and manage security governance processes and procedures for the threat modeling program and application security design & DevSecOps programs.
- Assist in the development of threat modeling governance documentation.- Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.- Develops reports for management concerning residual risk and non-compliance.
- Monitor and track compliance with application owners to ensure implementation of security controls as planned.
- Review issued security controls with application owners to ensure identified requirements are implemented.
- Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
- Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
- Develop, Maintain, update and enhance secure design patterns and secure coding standards.
- Develop, Maintain, update and enhance threat libraries.
- Socialize secure design patterns and secure coding standards with engineering teams.
- Assist application teams with threat modeling consultancy questions.
- Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
- Develop innovative attack techniques to foil protective design and in-place mitigations.
- Participate in the development of strategies for information security processes and programs.
- Support the investment decision process by developing business cases and cost benefit analysis
- Create reports and other materials to assist in prioritizing activities related to various threats to applications.
- Recommend resource types and skillsets required to resolve project and process issues.
- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP"s ability to manage IT risk and protect data
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
- Develop and define IT and information security standardized metrics and criteria.- Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.- Facilitates Agile events that help the team deliver value incrementally and iteratively- Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.- Supports the team in achieving the PI objectives.
- Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.
Key Words to search in Resume
Artificial Intelligence, Machine Learning, Threat Modelling
Pre-Screening Questionnaire Hands on experience with Artificial Intelligence, Machine Learning & Data Science professional, Python skills.
Salary Range - CA$ 100,000 - CA$ 120,000 Per Year
TCS does not use artificial intelligence tools for candidate screening or evaluation. This post is for a current vacancy. The hiring process includes an initial screening, followed by a technical evaluation and managerial discussion.
Tata Consultancy Services Canada Inc. is committed to meeting the accessibility needs of all individuals in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code (OHRC). Should you require accommodation during the recruitment and selection process, please inform Human Resources.
Thank you for your interest in TCS. Candidates that meet the qualifications for this position will be contacted within a 2-week period. We invite you to continue to apply for other opportunities that match your profile.
Similar Jobs
Threat Modeler with Dev Background
About the role
Inclusion without Exception
Tata Consultancy Services (TCS) is an equal opportunity employer, and embraces diversity in race, nationality, ethnicity, gender, age, physical ability, neurodiversity, and sexual orientation, to create a workforce that reflects the societies we operate in. Our continued commitment to Culture and Diversity is reflected in our people stories across our workforce and implemented through equitable workplace policies and processes.
Tata Consultancy Services (BSE: 532540, NSE: TCS) is the technology partner of choice for industry-leading organizations worldwide. Since its inception in 1968, TCS has upheld the highest standards of innovation, engineering excellence and customer service. It has set an aspiration to become the world's largest AI-led technology services company and is enabling its clients to transform themselves across the full AI stack, from infrastructure to intelligence.
Rooted in the heritage of the Tata Group, TCS is focused on creating long term value for its clients, its investors, its employees, and the community at large. With a highly skilled workforce spread across 56 countries and 194 service delivery centers across the world, the company has been recognized as a top employer in six continents. With the ability to rapidly apply and scale new technologies, the company has built long term partnerships with its clients. Many of these relationships have endured into decades and navigated every technology cycle, from mainframes in the 1970s to artificial intelligence today.
Job Description:-
Must Have Technical/Functional Skills
Threat Modeler, Security Architect with Development background Artificial Intelligence, Machine Learning & Data Science professional with experience in enterprise architecture, AI product security, and digital transformation. Strong hands-on expertise in cloud-native architectures (AWS/GCP), threat modeling, secure AI system development, and AI governance. Led mission-critical initiatives with cross-functional teams, aligning product innovation with cybersecurity best practices and compliance standards.
Roles & Responsibilities
Threat Modeler, Security Architect with Development background Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE. Experience with application security controls (Web, API, Mobile, AI). Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.- Experience with Application Security design and DevSecOps Full stack knowledge of application architectures including: Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.- Experience with Java, Javascript and mobile application development. Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases Experience with Cloud security, architecture, design, implementation, and operations- Exposure to IAM Controls (OAuth 2.0, OIDC, JWT) Strong familiarity with Cryptography Controls (Data at rest, in motion).- CISSP, CISM, CSSLP, CISA, CRISC, OSCP
Generic Managerial Skills, If any
Conducts security risk assessments of applications with respect to design and implementation of system and application code
- Develop and manage security governance processes and procedures for the threat modeling program and application security design & DevSecOps programs.
- Assist in the development of threat modeling governance documentation.- Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.- Develops reports for management concerning residual risk and non-compliance.
- Monitor and track compliance with application owners to ensure implementation of security controls as planned.
- Review issued security controls with application owners to ensure identified requirements are implemented.
- Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
- Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
- Develop, Maintain, update and enhance secure design patterns and secure coding standards.
- Develop, Maintain, update and enhance threat libraries.
- Socialize secure design patterns and secure coding standards with engineering teams.
- Assist application teams with threat modeling consultancy questions.
- Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
- Develop innovative attack techniques to foil protective design and in-place mitigations.
- Participate in the development of strategies for information security processes and programs.
- Support the investment decision process by developing business cases and cost benefit analysis
- Create reports and other materials to assist in prioritizing activities related to various threats to applications.
- Recommend resource types and skillsets required to resolve project and process issues.
- Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP"s ability to manage IT risk and protect data
- Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
- Develop and define IT and information security standardized metrics and criteria.- Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.- Facilitates Agile events that help the team deliver value incrementally and iteratively- Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.- Supports the team in achieving the PI objectives.
- Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.
Key Words to search in Resume
Artificial Intelligence, Machine Learning, Threat Modelling
Pre-Screening Questionnaire Hands on experience with Artificial Intelligence, Machine Learning & Data Science professional, Python skills.
Salary Range - CA$ 100,000 - CA$ 120,000 Per Year
TCS does not use artificial intelligence tools for candidate screening or evaluation. This post is for a current vacancy. The hiring process includes an initial screening, followed by a technical evaluation and managerial discussion.
Tata Consultancy Services Canada Inc. is committed to meeting the accessibility needs of all individuals in accordance with the Accessibility for Ontarians with Disabilities Act (AODA) and the Ontario Human Rights Code (OHRC). Should you require accommodation during the recruitment and selection process, please inform Human Resources.
Thank you for your interest in TCS. Candidates that meet the qualifications for this position will be contacted within a 2-week period. We invite you to continue to apply for other opportunities that match your profile.