Job Description

Seeking multiple Cyber Security/Threat Modeling Engineers to my client on their dynamic, cross-functional team dedicated to delivering cutting-edge digital business transformation solutions for our clients. This is an individual contributor position with a strong focus on Security Architecture and Threat Modeling.

Salary: Senior Level: 140-160K Manager Level: 160-180K

Location: Hybrid role in Rutherford, NJ

Your Impact:

• Lead and execute in-depth threat modeling exercises by leveraging established methodologies, frameworks, and industry best practices to identify vulnerabilities.
• Uphold a high standard of excellence and precision in recognizing potential threats and articulating effective, tailored mitigation strategies.
• Take ownership of the threat lifecycle management, ensuring threats and associated mitigation controls are continuously monitored, updated, and refined based on evolving risks and business needs.
• Deliver high-quality, comprehensive threat models and associated deliverables within established timelines, ensuring that the overall security posture is continuously strengthened.
• Provide actionable feedback, insights, and suggestions to refine and enhance the threat modeling process and overall security strategy, contributing to the team's continuous improvement.
• Regularly present findings, progress, and strategic recommendations to senior leadership, technical teams, and stakeholders, ensuring alignment with business objectives and security goals.

Qualifications: We are seeking a highly skilled and experienced professional with over 8 years of expertise in various technologies and processes, including:

• Proficiency in Google Cloud Platform (GCP) – a critical skill for this role.
• Extensive knowledge of security architecture principles, industry frameworks, and best practices for designing resilient and secure systems.
• Hands-on experience with advanced threat modeling methodologies, including MITRE ATT&CK, STRIDE, PASTA, and others, ensuring a holistic approach to threat identification and mitigation.
• 5+ years in Cybersecurity with an emphasis on building robust security architectures and threat management processes.
• Solid understanding of security practices, including authentication, authorization, encryption, logging/monitoring, network segmentation, and infrastructure security.
• Expertise in REST API security and their integration within secure architectures.
• Familiarity with scripting languages and Infrastructure as Code tools such as Terraform and CloudFormation , ensuring efficient and secure infrastructure management.
• Proficiency in Jira or other ticketing systems – a must-have for managing workflows and tracking security tasks.
• Strong technical architecture design and review skills, ensuring the alignment of security initiatives with system and application designs.
• Ability to identify vulnerabilities using established security databases and frameworks such as CWE or OWASP , and develop strategies to remediate them.
• Deep knowledge of operating systems, including advanced hardening techniques to bolster overall security resilience.
• Understanding of modern software development concepts such as CICD , Pipelines , and SDLC , ensuring security is seamlessly integrated into development processes.
• Practical experience with penetration testing , identifying security gaps and vulnerabilities in systems and applications.
• Familiarity with Cloud Development Kit (CDK) and GitOps methodologies, enabling efficient cloud-native development and deployment practices.
• Experience working within DevOps and agile teams, ensuring that security is integrated throughout the lifecycle of development and operations.
• Proficiency with Docker , Kubernetes , serverless architecture , and Helm , ensuring secure containerization and orchestration practices in cloud environments.
• Exposure to platforms like Snowflake , MongoDB , GitHub , Databricks , and others, adding depth to cloud-based security strategies.
• Excellent analytical and problem-solving skills , demonstrating a keen eye for detail in identifying and addressing complex security issues.

Set Yourself Apart With:

• Professional Security Certifications such as CISSP , CCSP , CISA , CISM , or ITIL to demonstrate your expertise in the field.
• GCP Certifications such as GCP Professional Cloud Architect or GCP Professional Cloud Security Engineer are highly desirable, showcasing advanced cloud security knowledge.
• A solid understanding of industry security standards, including ISO , NIST , and Cloud Security Alliance (CSA) frameworks, to ensure compliance and best practices.
• Hands-on experience with cloud security designs and implementations specifically within the GCP ecosystem.

Job Tags

Similar Jobs