Synergy Interactive · 13 hours ago
Sr. Manager, Threat Modeling Engineer
United States
Full-time
Remote
Senior Level, Lead/Staff
$180K/yr - $200K/yr
8+ years expSynergy Interactive is seeking a Senior Engineer - Threat Modeling to be part of a cross-functional team delivering digital business transformation solutions. This role focuses on Security Architecture and Threat Modeling, conducting security reviews, and collaborating with various teams to manage and mitigate potential threats.
ConsultingCreative AgencyEmploymentInformation TechnologyMarketingProfessional ServicesRecruitingStaffing Agency
Responsibilities
Conduct thorough threat modeling exercises utilizing established methodologies and frameworks
Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls
Manage the lifecycle of identified threats and associated controls, ensuring timely updates and adjustments as necessary
Deliver comprehensive threat models and related tasks within specified timeframes
Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process
Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders
Qualification
Required
8+ years of experience in a range of technologies and processes
Proficiency in GCP - essential
Strong knowledge of security architecture principles, frameworks, and best practices
Experience working with threat modeling methodologies such as MITRE ATT&CK, STRIDE, PASTA etc
Overall experience in Cybersecurity: 5+ years
Security practices encompassing authentication, authorization, logging/monitoring, encryption, infrastructure security, and network/segmentation
Knowledge of Rest API
Knowledge in scripting languages and Infrastructure as Code (Terraform, CloudFormation)
Familiarity with Jira or other ticketing systems – essential
Technical architecture design and review skills – essential
Ability to identify vulnerabilities using CWE or OWASP
Knowledge of operating systems and their hardening techniques
Understanding of development concepts such as CICD, Pipelines, and SDLC
Penetration testing knowledge is also super useful
Familiarity with Cloud Development Kit (CDK) and GitOps
Experience operating in a DevOps/agile team environment
Understanding of docker, Kubernetes, serverless architecture, and Helm
Exposure to platforms like Snowflake, MongoDB, Terraform Cloud, GitHub, and Databricks
Strong analytical skills, diligence, and attention to detail
Willingness to conduct research using vendor documentation
Capability to create and maintain high-quality documentation
Possession of an adversary mindset
Continuous learning attitude towards new technologies and methodologies
Strong problem-solving skills
Excellent communication and collaboration abilities
Ability to build and nurture relationships across cross-functional teams
Preferred
Professional Security Certifications: CISSP, CCSP, CISA, CISM, ITIL
Relevant GCP certifications are highly desirable: GCP Professional Cloud Architect, GCP Professional Cloud Security Engineer
Strong knowledge of industry standards as they relate to Cloud and Application security management to include ISO, NIST, and Cloud Security Alliance (CSA)
Hands-on-experience with cloud security designs on GCP
Experience working in regulated environments
Exposure to agile development, DevOps, SecOps and scrum teams
Experience with another CSP provider: AWS, Azure
Development experience (python, Node)
Strong desire to learn and contribute solutions and ideas to broader team
Company
Synergy Interactive
Synergy Interactive is a forward-thinking staffing firm that ignites innovation by connecting visionary companies with elite AI and digital talent.
51-200 employees
Funding
Current Stage
Growth StageLeadership Team
B
Blake Bhatia
CEO, Founder
Company data provided by crunchbase