Threat Modelling Security Engineer

The purpose of this role is to design the organisation’s computer and network security infrastructure and protect its systems and sensitive information from cyber threats, * Enterprise Reference Architecture: define threat modeling reference patterns for common architectures (microservices, APIs, event-driven, cloud). Threat-Informed Integration: integrate ATT&CK-informed scenarios and control validation into design-time practices.

• Align threat modeling with broader security architecture (Zero Trust, IAM, monitoring).
• Aware of common methodologies such as Dread and Stride, PASTA etc
• Set up Threat Modelling Process,
• On-board Client Applications for Threat Modelling,
• Execute Threat Modelling, (Identify Threat vectors using automated / manual methods, create the threat model and publish to stake holders)
• Explain the Results with the end client developers,
• Remediation Support,
• Remediation Co-ordination
• Cloud Security Knowledge is a good to have, * Control validation and assurance framework with KPIs/KRIs.Executive briefings and decision memos."

• Very good knowledge on OWASP security standards. Deep understanding of common security vulnerabilities.
• Very good presentation skill. Strong communication and good customer handling skill.
• Should be capable of understanding customer requirement for security testing.
• Capable of providing security solutions to the customer for complex security testing/risk requirement.
• Automation Strategy: define tool integrations (repo, CI gates, KB/RAG) and quality controls for scaling. Key Deliverables