Threat Modeler / Threat Actor

Bank of America   •  

Simi Valley, CA

Industry: Business Services


5 - 7 years

Posted 377 days ago

This job is no longer available.

Job Description:

We are looking for a skilled architect with who can bring Threat Modeling capabilities to GIS and LOB teams. If you have hands on, in depth understanding of software development processes including: design, development, integration, quality assurance, and threat modeling.

Required Skills & Experience

Skills needed are below:

  • Build data flow diagrams including processes, data flows, trust boundaries, and data stores
  • Define securitydesign patterns for Authentication, Strong Authentication, Coarse and Fine Grained Authorization (RBAC, ABAC)
  • Develop Threat Models that enumerate threats by attack surface, and identify countermeasure options
  • Define defensive services that can mitigate SQL Injection, Cross-Site Scripting (XSS) and other common threats
  • Develop and deliver Threat Model training
  • Build attack trees to drill on specific attacks in detail
  • Engage with a wide variety of different projects and technologies and deliver actionable guidance on how to proceed on countermeasures
  • Able to write python scripts and develop integration with Maven, Jenkins

Enterprise Role Overview:

As an experienced professional, provide advice to client management with regard to moderately complex security issues. Assists in the review, development, testing and implementation of security plans, products and control techniques. Coordinates the reporting data security incidents. Provides technical support to the client and management and staff in risk assessments and implementation of appropriate data security procedures and products. Monitors existing and proposed security standard setting groups. State and Federal legislation and regulations. Identifies and escalates changes that will affect information security policy, standards and procedures. Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs. Researches attempted efforts to compromise security protocols. Administers security policies to control access to systems and maintains the company firewall. Works on complex problems where analysis of situations or data requires an in-depth evaluation of various factors. Exercises judgment within broadly defined practices and policies in selecting methods, techniques, and evaluation criterion for obtaining results. Work leadership may be provided by assigning work and resolving problems. Typically 5-7 years of IT experience.

Job number: 17073891