Threat Modeler

Covetus, LLC
Jersey City, United States of America
22 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Jersey City, United States of America

Tech stack

Comptia Cloud+
Amazon Web Services (AWS)
Software System Penetration Testing
JIRA
Azure
Cloud Computing
Cloud Engineering
Computer Security
Information Systems
Continuous Integration
Data Security
DevOps
Github
Issue Tracking Systems
Microsoft Security Essentials
MongoDB
Oracle Applications
Open Web Application Security
Systems Development Life Cycle
Data Logging
Scripting (Bash/Python/Go/Ruby)
Google Cloud Platform
Snowflake
Mitre Att&ck
Cloudformation
Kubernetes
Information Technology
Terraform
Oracle Cloud Infrastructure
Serverless Computing
Docker
Databricks
Vulnerability Analysis

Job description

Threat Modeling using a documented process. Development of automation tools as required. Maintain a high standard of work in identifying threats and specifying mitigating controls. Attending to the lifecycle of identified threats and controls. Delivery of threat models and supporting tasks within existing timeframes. Provide feedback, support, and improvements to the existing threat modeling process. Present work to seniors, the team, and other technical teams. Work with little supervision to complete work Bachelor's degree in computer related field or equivalent work experience. Associate level cloud certification: AWS Certified Developer, AWS Certified Solutions Architect, AWS Certified SysOps Administrator CompTIA Cloud+ Google Associate Cloud Engineer or other professional Google Cloud Platform certification Oracle Cloud Infrastructure Certified Architect Associate, Oracle Cloud Infrastructure Certified Cloud Operations Associate Microsoft Certified: Azure Developer Associate Associate or professional cyber-security ISACA Certified Information Systems Auditor (CISA) GIAC Security Essentials (GSEC) ISC2 Systems Security Certified Practitioner (SSCP) CompTIA CySA+

Requirements

IT experience minimum of 6 years with minimum of 4 years Cyber-Security/Information Security must Threat Modeling (STRIDE, PASTA, Attack trees, tooling, Att&ck) must. Identifying vulnerabilities using CWE or OWASP. Experience working in a cyber-security role - must. Security practices pertaining to authentication, authorization, logging/monitoring, encryption, infrastructure security, network/segmentation must. Operating systems and their hardening. Development concepts (such as: CICD, Pipelines, SDLC). Scripting languages, Infrastructure as Code (Terraform, CloudFormation) must. Cloud Development Kit (CDK), GitOps. Operating in a DevOps / agile team structure. Jira or other ticketing systems must. Understanding of docker/K8S/serverless/helm. Support or perform pen testing. Snowflake/MongoDB/Terraform Cloud/GitHub/Databricks. Design and review technical architectures must., Microsoft Certified: Security Operations Analyst Associate; Information Protection Administrator A ssociate.

Apply for this position