Jersey City, New Jersey, United States
The ThreatModeler platform is the industry’s #1 automated threat modeling solution that enables a repeatable and scalable threat modeling process enterprise wide. Through ThreatModeler’s easy-to-understand dashboards and reports, threat data is presented in a format that is clear, concise, and actionable with role-based accessibility on a self-serve basis. Security team expertise is therefore scaled across all stakeholder functions, allowing enterprise-wide collaboration on the prioritization and management of risk across the entire IT ecosystem. ThreatModeler’s unique architecturally based framework also allows organizations to analyze and manage their comprehensive attack surface, including upstream threats and downstream impacts. As a member of the ThreatModeler cloud team you will be at the forefront of managing ThreatModeler’s AWS infrastructure. You will be surrounded by people who are smart, passionate about cloud computing, and believe that world class support is critical to customer success.
Duties and responsibilities
- Build and manage a team of researchers
- Work with new and existing customers in building dedicated threat libraries.
- Conduct research to build and maintain the Threat Library of ThreatModeler
- Identify current and future cybersecurity threats facing cloud-enabled enterprises
- Implement regulatory standards such as NIST 800-53 Rev. 5, PCI-DSS, FDA, HIPAA etc. as part of the library
- Work closely with the Product team to implement solutions to achieve results faster.
- Build threat modeling templates of common architectural patterns
- Research controls and the implementation of the controls to make a part of the libraries.
- Generate list of security requirements and security controls
- Build a rules engine framework for ThreatModeler
- Assist clients in building threat models and providing threat modeling as a service using ThreatModeler.
Requirements for Position
- Master’s in computer engineering/Computer Science
- 7+ years of Experience in the Governance, Risk & Compliance, Security Architecture, Threat Intelligence teams within large organizations
- Cloud Certification (AWS, Azure or GCP) is a plus.
- Strong understanding of regulatory standards such as NIST 800-53, HIPAA, PCI-DSS, FDA
- Strong understanding of MITRE’s ATT&CK and D3FEND Frameworks
- Familiar with CIS benchmarks
- Hands on experience with multiple CSPs is a plus
- Familiarity with Python, Bash, CLI, etc.
- Microsoft Office (Word, Excel, PowerPoint, etc)
- Strong Communication and Research Skills
- Ability to work with a team and as an individual
- Self-starter and eagerness to learn