Cyber Security Analyst – Threat Modeling is responsible for performing security assessments for applications, infrastructure and emerging technologies and guiding product / service teams in secure design of IT systems.

Skillset required:

Experience in different Threat Modeling methodologies (E.g.: STRIDE, VAST, Attack Tree etc.). Knowledge of security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques.  Knowledge of organization's information security policies, standards, and procedures. Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).  Knowledge of network access, cryptography, cryptographic key management concepts, identity and access management (e.g.: OAuth, OpenID, SAML).  Experience in cloud security and API security. Experience in security assessment for Microservices architecture, Databases (SQL/NoSQL), Google Cloud Platform resources like cloud storage, Redis Pub/Sub and Cloud Run. Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles. Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy.  Experience in handling web application security risks - OWASP Top-10 E.g.: Injection attacks, buffer overflow, cross-site scripting etc. Skill to provide security controls guidance related to data usage, processing, storage, and transmission. Ability to evaluate information for reliability, validity, and relevance. Excellent analytical, communication, documentation, and presentation skills. Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts. Strong knowledge of Agile practices and SDLC Self-Starter who can work in ambiguous situations and drive to a solution. Strong interpersonal skills, including ability to educate and influence.  

Qualifications required:

Bachelor’s degree in computer science, Cyber Security, or related field of study 5+ years of experience in Cyber Security or related fields of IT. 2+ years of experience in Application development / Infrastructure management Knowledge on Security Framework such as NIST CSF, ISO27001, OWASP Top-10 etc. Cyber security certifications like CISSP, OSCP, CEH, Pentest+ are highly desirable.

Position responsibilities include:

Perform threat modeling for Enterprise and SaaS IT assets. Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities.  Work with business, application, and supplier teams to perform in-depth threat assessments by leveraging methods such as STRIDE, VAST, Attack Tree etc. Provide subject matter expertise in assessing potential security threats in the application architecture and evaluate security controls to mitigate threats. Assess the risk of identified threats by evaluating likelihood and impact, determine countermeasures and remediation. Apply Information Security Policy and industry security standards (E.g.: OWASP, NIST, CIS etc.,) and guide application teams to help build secure products. Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required. Provide feedback for improving Threat Modeling tools and processes. Develop and maintain Threat library for custom application/infrastructure components. Leverage industry best practices to continually improve process maturity. Provide input to the Risk Management Framework and related documentation. Promote awareness of security issues among application teams and business teams through training and awareness programs. Provide training and guidance to junior team members in Threat Modeling processes and tools. Report threats and associated risk metrics to management Stay updated through continuous learning of emerging technologies like LLM, ZTNA, LCNC etc.