itjobs.ca Logo
Atos logo

Threat Modeler

Atos1 day ago
North York, Ontario, Canada
Senior Level
Full-Time

About the role

Key Responsibility Conducts security risk assessments of applications with respect to design and implementation of system and application code

  • Develop and manage security governance processes and procedures for the threat modeling program and application security design & devsecops programs.
  • Assist in the development of threat modeling governance documentation.
  • Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
  • Develops reports for management concerning residual risk and non-compliance.
  • Monitor and track compliance with application owners to ensure implementation of security controls as planned.
  • Review issued security controls with application owners to ensure identified requirements are implemented.
  • Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
  • Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
  • Develop, Maintain, update and enhance secure design patterns and secure coding standards.
  • Develop, Maintain, update and enhance threat libraries.
  • Socialize secure design patterns and secure coding standards with engineering teams.
  • Assist application teams with threat modeling consultancy questions.
  • Consistently enable strong developer and customer experience when liaising with application teams. Uphold Blue Box values when liaising with application teams.
  • Develop innovative attack techniques to foil protective design and in-place mitigations.
  • Participate in the development of strategies for information security processes and programs.
  • Support the investment decision process by developing business cases and cost benefit analysis
  • Create reports and other materials to assist in prioritizing activities related to various threats to applications.
  • Recommend resource types and skillsets required to resolve project and process issues.
  • Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data
  • Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
  • Develop and define IT and information security standardized metrics and criteria.
  • Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.
  • Facilitates Agile events that help the team deliver value incrementally and iteratively
  • Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.
  • Supports the team in achieving the PI objectives.
  • Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.

Preferred Qualifications:

  • Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
  • Experience with application security controls (Web, API, Mobile, AI).
  • Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
  • Experience with Cloud security, architecture, design, implementation, and operations
  • Exposure to IAM Controls (OAuth 2.0, OIDC, JWT)
  • Strong familiarity with Cryptography Controls (Data at rest, in motion).
  • CISSP, CISM, CSSLP, CISA, CRISC, OSCP

About Atos

IT Services and IT Consulting

Similar Jobs