Who We Are Looking ForWe are looking for a
Senior Threat Modeler. You will be responsible for performing threat modeling activities across enterprise applications, cloud platforms, APIs, and emerging technologies to identify security risks early in the development lifecycle and drive secure-by-design outcomes. You will partner with architects, engineers, developers, and cybersecurity teams to strengthen the security posture of critical business systems and technology platforms.
What You Will Be Responsible ForAs a
Senior Threat Modeler, you will:
- Conduct threat modeling activities for business applications, cloud-native platforms, APIs, and strategic technology initiatives.
- Analyze application architectures, data flows, trust boundaries, and cloud deployments to identify security threats and design weaknesses.
- Partner with application development, cloud engineering, and security teams to recommend practical risk mitigation strategies and secure design improvements.
- Perform security assessments using established methodologies such as STRIDE, MITRE ATT&CK, attack trees, and risk-based analysis techniques.
- Contribute to the development of threat modeling standards, reusable patterns, training materials, and secure-by-design practices across the enterprise.
- Strong knowledge of cloud-native architectures and security controls across AWS, Azure, and Google Cloud, with the ability to identify and mitigate risks in distributed, containerized, and platform-based environments.
What We ValueThese skills will help you succeed in this role:
- Strong analytical, problem-solving, and risk assessment skills with the ability to identify complex security threats and vulnerabilities.
- Deep understanding of application security, cloud security, secure software development, and modern technology architectures.
- Strong communication and stakeholder management skills, with the ability to influence engineering and architecture teams.
- Experience working in large-scale, complex environments with diverse technology stacks and distributed teams.
- Ability to translate technical security findings into actionable recommendations that reduce business risk.
Education & Preferred Qualifications- Degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline.
- 12 years or more of experience in application security, cloud security, cybersecurity architecture, threat modeling, or related technology disciplines, with at least 7 years of hands-on cybersecurity experience preferred.
- Demonstrated experience conducting threat modeling exercises for enterprise applications, APIs, cloud platforms, and distributed systems.
- Strong expertise in application security principles, secure software development lifecycles, OWASP Top 10, API security, and secure coding practices.
- Experience assessing and securing cloud environments across AWS, Azure, and/or Google Cloud Platform.
- Knowledge of microservices, containers, Kubernetes, CI/CD pipelines, DevSecOps practices, and modern software architectures.
- Experience with threat modeling methodologies such as STRIDE, MITRE ATT&CK, attack trees, and adversary-based risk analysis.
- Professional certifications such as CISSP, CCSP, CSSLP, GWAPT, GWEB, AWS Security Specialty, Azure Security Engineer, or equivalent security certifications are highly desirable.
- Experience within financial services or other highly regulated industries is preferred.
Additional Requirements- Ability to effectively collaborate with development, engineering, architecture, and cybersecurity teams.
- Strong written and verbal communication skills with the ability to present technical findings to both technical and non-technical audiences.
- Limited travel may be required based on business needs.
Work RequirementHybrid: Expected to work in accordance with State Street's hybrid work model.
Shift: Standard business hours with flexibility to support global stakeholders across multiple time zones.
Salary Range: $120,000 - $202,500 Annual
The range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Employees are eligible to participate in State Street's comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
For a full overview, visit https://hrportal.ehr.com/statestreet/Home.