Application Security Consultant

Title: Application Security Consultant - Threat Modeling

Duration: 6 months (Possibility of extension)

Location: Toronto, ON (hybrid, once a week onsite)

Job Summary:

As a Threat Modeling Consultant, you will be part of Application Security Risk Assessments team within Cybersecurity. The Application Security Risk Assessment team performs Threat Modelling of applications and technology designs to identify threats early in Client Financial Group’s SDLC and risk management process. The Application Security Risk Assessment team is part of highly collaborative Cybersecurity and Technology organization. As a Threat Modeling Consultant, you will have an opportunity to take collaborative approach in identify relevant security threats to business technology and countermeasures, maintain an understanding of security standards and patterns, produce quality reports, and enable business objectives.

About Client:

The Financial Crimes Unit (FCU) brings together our Cybersecurity, Fraud, Physical Security and Resilience Planning capabilities to address the ever-growing and increasingly complex global security environment. It is a highly collaborative effort that greatly enhances Client’s ability to rapidly prevent, detect, respond to, and recover from all security & crisis threats.

Skills and Experience we are looking for:

• Proficient level working experience in application security and security risk management practices.
• Working experience in Agile methodologies.
• Proficient level knowledge of Threat Modeling methodologies (e.g., Attack Trees, MSTM/STRIDE, PASTA) or performing Architecture Risk Analysis.
• Abreast of new technology trends and associated application security risks.
• Proficient ability to decompose applications and system designs in hybrid cloud architectures to identify potential threats.
• Prior experience in software development (e.g., Java, JS, Python) is preferred.
• Prior experience in 2 or more other security domains, e.g., ethical hacking, cloud security, network security, platform security, IAM is preferred.
• Proficient communication and negotiations skills, both verbal and written.
• Is empathetic and eager to solve problems and always maintains high integrity.
• Typically 3+ years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education