Threat Modeler

Responsibilities

• Perform threat modeling using documented processes such as STRIDE or PASTA.
• Develop, test, and deploy secure Python-based applications and automation tools.
• Identify threats and specify mitigating controls while maintaining high work standards.
• Manage the lifecycle of identified threats and controls within a DevOps environment.
• Design and review technical architectures to ensure security compliance.
• Provide feedback and improvements to existing threat modeling processes.
• Present technical findings and work to senior stakeholders and cross-functional teams.

Requirements

• Minimum of 6 years of IT experience with at least 4 years specifically in Cyber-Security.
• Proven expertise in Threat Modeling (STRIDE, PASTA, Attack trees, or MITRE ATT&CK).
• Strong proficiency in Python (asynchronous programming) and FastAPI.
• Experience with Infrastructure as Code (Terraform or CloudFormation).
• Hands-on experience with CI/CD pipelines, SDLC, and GitOps.
• Knowledge of containerization and orchestration (Docker, K8s, or Serverless).
• Ability to identify vulnerabilities using CWE or OWASP frameworks.
• Experience working in regulated environments and agile/DevOps team structures.

Preferred Qualifications

• Associate or professional level cloud certification (AWS, GCP, or Azure).
• Associate or professional cyber-security certification (e.g., CISA, GSEC, SSCP, or CySA+).
• Experience with Snowflake, MongoDB, Databricks, or GitHub.
• Experience performing or supporting penetration testing.
• Bachelor's degree in a computer-related field or equivalent professional experience.

About the Company

Deloitte is a leading global provider of audit and assurance, consulting, financial advisory, risk advisory, tax, and legal services.