Senior Threat Modeller – Global Security
| Company | Royal Bank of Canada |
|---|---|
| Location | Vancouver, BC, Canada |
| Salary | $Not Provided – $Not Provided |
| Type | Full-Time |
| Degrees | Bachelor’s |
| Experience Level | Senior |
Requirements
- Minimum of a B.S. in Computer Science, MIS or related degree and five (5) years of related experience in information security, development, software engineering or a combination of education, training and experience.
- Expertise in threat modelling methodologies (e.g. STRIDE, DREAD, PASTA, etc.) and relevant tools
- Strong written and verbal communication skills with the ability to translate technical findings into business-oriented insights
- Ability to analyze decompose and analyze complex application architectures
- Strong understanding of networking and operating systems (Windows, MacOS, Linux, Unix)
- Understanding of modern, cloud centric architectures and DevOps principles
- A strong understanding of offensive security tactics, techniques, and procedures
Responsibilities
- Define and analyze potential threat scenarios to identify security gaps and assess associated risks
- Develop and provide recommendations on threat mitigation or remediation
- Deliver threat models for applications, systems, and architecture patterns
- Perform code and architectural design reviews for internal and external software products
- Develop and implement tooling and processes to support threat modeling activities
- Develop and deliver security training and education programs for application developers, project managers, architects, and similar roles
- Prioritize and track application security issues across the organization
- Lead implementation efforts for security initiatives and resolutions resulting from internal and external assessments
- Ensure that issues identified are appropriately prioritized and addressed in future product releases
- Work with development teams to guarantee timely resolution of issues
- Identify and provide application security recommendations during requirement and design reviews
- Track open issues and follow up with different teams to address open issues
- Communicates technical information to a non-technical audience and non-technical information to a technical audience in a cross-site and cross-functional setting
- Enable application owners and developers to understand threats and appropriately prioritize security issues and mitigations
Preferred Qualifications
- Certifications in the Cyber Security domain
- Above average performance. You are competitive and passionate. You thrive on challenge and have a proven ability to set ambitious but achievable goals and surpass them
- A team player. At RBC we work together. You will be the type of person that brings that approach to your work. You will have a proven ability to build, grow, and maintain relationships both internally and externally.
- Computer Information Systems Security Professional (CISSP) certification or the ability to obtain within six (6) months