Security Architect - Threat Modeling (8-15 yrs)

Experience : 8 - 15 Years

Job Location : Pune

Job Description :

1) Strong understanding of security threats, attack vectors, and mitigation techniques 8+ years of experience in a SOC environment.

2) Knowledge of secure design patterns, cryptography, and access control models.

3) Deep technical knowledge of web related technologies such Web applications, Web Services and REST-based Service Architectures and of network/web related protocols.

4) Experience with industry-standard threat modelling frameworks, such as STRIDE, DREAD, or PASTA.

5) Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams.

6) Proficiency in creating and interpreting technical documentation, including data flow diagrams and use case diagrams.

7) Familiarity with security standards and regulations such as ISO 27001, NIST, MITRE, CIS and GDPR.

8) Willing to embark on technical challenges with inadequate training or information.

9) Openness and Integrity.

10) Individual contributor as well as excellent team player.

Advantageous (not essential) :

- Cloud Secrets Management (Cloud Vaults / Key Management & Rotation / MFA / Passwords).

- Scripting tool such as Python etc.

- API Security

To be successful in this role, we're seeking the following :

1) Competent with diverse technologies and security solutions (particularly securing applications in Azure cloud and M365).

2) Sound knowledge of Cyber security principles for secure analysis, design, build, and support aspects with an emphasis on threat modelling frameworks, methodologies, techniques.

3) Be able to design/engineer, build and support activities for different phases of the application life cycle in support of the business.

4) Backed by proven experience of successful application of threat modelling and security design.

5) Self-starter who can work with diverse teams to deliver individually the results amidst lot of uncertainties and with limited resources.

6) He or she will proactively work with various stakeholders to implement security practices that are aligned with industry and Insight policies and standards for Cyber Security.