Threat Modelling- Cyber Security

**Role: Senior Cyber Security Engineer - Threat Modelling**

Having good security is one of the most important things and we are now looking for a Cyber Security Specialist in **Threat Modelling** that can help us build the future. Our ethos is security and privacy by design. We expect security to be a built-in quality aspect, not a bolted-on property.

As a **Cyber Security Specialist**, you will work closely together with the architects and software engineers and focus on enabling client to develop secure and high-quality products. You will become a member of client’s cyber security team, support the secure development of products and help to shape the future.

We are looking for a person with **atleast 4+ years** of experience as a developer, preferably in multiple programming languages and frameworks, and a good understanding of software security.

You are required to have a good understanding of agile ways of working and be inspired by working in a product-oriented organization.

**Responsibilities**:

- Responsible for building cyber threat models following the defined standards;
- Responsible for writing and maintaining the documentation relating threat models and technical architecture of analyzed systems;
- Advise and enable informed decisions using clear language, purpose, and fact;
- Deliver learning opportunities relevant to stakeholders;
- Familiarity with one or more threat modeling methodologies (e.g. STRIDE, PASTA, LINDDUN,

CVSS, Attack Trees, Security Cards, hTMM, Qunatitative Threat Modeling Method, VAST
Modeling, OCTAVE);
- Knowledge and practice of network attack simulation by means of tools such as:

- AttackIQ, Cymulate, Pentera, SafeBreach, Verodin (Mandiant Security Validation)
- Knowledge of cybersecurity processes with reference to NIST CSF;
- Knowledge and practice about writing professional documents.
- Define the scope of depth of analysis for threat modelling
- Gain a visual understanding of what you are threat modelling
- Creating a component diagram with a control flow graph (which shows all possible execution paths in a program)
- Model the attack possibilities
- Identifying assets, security controls, trust zones, and threat agents
- Identify threats and create a traceability matrix of missing or weak security controls

**Qualification**:
Education: Information Technology Engineering or equivalent degree.
Certifications: Relevant certifications is an added advantage.

**Personal Skills**:

- Desire to work in fast-paced environment;
- Self-organization and follow-up skills;
- Excellent verbal and written communication skills;
- Excellent technical procedure and specification writing;
- Effective interpersonal skills;
- Demonstrated ability to lead, motivate, and participate as a team player;
- Creative problem solver;
- Relentless seeker of new knowledge.

As a person, we believe that you
- Have a genuine interest in cyber security, be used to manage highly confidential information, and act with a strict level of professional discretion.
- Have powerful analytic capabilities as well as an ordered and structured approach to problem-solving.
- Have good communication skills and the capability to build strong relations with the internal developer community.
- Are passionate about creating the best technical solutions for our customers at the right price with the right quality, beautiful in design, and with a focus on sustainability.
- Are pragmatic and ensure that we enable the business to flourish, today and tomorrow.
- Excel when confronted by an open-ended situation.

We believe that you are passionate to drive, explore and understand how things are built and how they break. Where theoretical knowledge helps you, it is backed up by practical skills learned and honed beyond what can be taught.

**Job Types**: Full-time, Regular / Permanent

**Salary**: ₹1,000,000.00 - ₹3,000,000.00 per year

**Benefits**:

- Flexible schedule

Schedule:

- Monday to Friday

Supplemental pay types:

- Yearly bonus