Threat Modelling
Job
E-Solutions Inc.
Remote
Full-Time
Job Description
Threat Modelling (Toronto, ON, M5A 3N7) | 04/07/26
Job Title: Threat Modelling
Location: Toronto, ON (Hybrid)
Job Description:
Conducts security risk assessments of applications with respect to design and implementation of system and application code.
Develop and manage security governance processes and procedures for the threat modeling program and application security design & DevSecOps programs.
Assist in the development of threat modeling governance documentation.
Works with information security leadership to develop strategies and plans to enforce threat modeling and address identified control gaps.
Develops reports for management concerning residual risk and non-compliance.
Monitor and track compliance with application owners to ensure implementation of security controls as planned.
Review issued security controls with application owners to ensure identified requirements are implemented.
Validate implementation of security controls against outputs of scanning tools to enable auditability and verifiability.
Assist application owners in filing appropriate security standard exceptions as identified through threat modeling.
Develop, maintain, update and enhance secure design patterns and secure coding standards.
Develop, maintain, update and enhance threat libraries.
Socialize secure design patterns and secure coding standards with engineering teams.
Assist application teams with threat modeling consultancy questions.
Consistently enable strong developer and customer experience when liaising with application teams.
Uphold Blue Box values when liaising with application teams.
Develop innovative attack techniques to foil protective design and in-place mitigations.
Participate in the development of strategies for information security processes and programs.
Support the investment decision process by developing business cases and cost benefit analysis.
Create reports and other materials to assist in prioritizing activities related to various threats to applications.
Recommend resource types and skillsets required to resolve project and process issues.
Document current and desired future state capabilities, incorporating industry leading technologies that enhance AXP's ability to manage IT risk and protect data.
Provide ongoing awareness and education of industry efforts and statistics relevant to information security.
Develop and define IT and information security standardized metrics and criteria.
Facilitates improvement solutions by working with all levels across Technology to determine security technology solutions that align with business strategies, IT strategic directions and compliance obligations.
Facilitates Agile events that help the team deliver value incrementally and iteratively.
Supports the Program Increment (PI) execution through facilitating team level events and partners with the RTE.
Supports the team in achieving the PI objectives.
Provides consultation and advice to assess information security risks and mitigate controls to protect corporate intellectual capital, and other sensitive data.
Required Qualifications:
Experience with threat modeling frameworks, attack vectors and vulnerability analysis: CAPEC, ATT&CK, STRIDE.
Experience with application security controls (Web, API, Mobile, AI).
Experience with common information security management and application frameworks: NIST 800-53, CSF, OWASP ASVS.
Experience with Application Security design and DevSecOps.
Full stack knowledge of application architectures including Single Page Applications, REST APIs, SOAP APIs, Mobile Applications.
Experience with Java, JavaScript and mobile application development.
Knowledge or familiarity with database architectures including Oracle, SQL, DB2 and NoSQL Databases.
Experience with Cloud security, architecture, design, implementation, and operations.
Exposure to IAM Controls (OAuth 2.0, OIDC, JWT).
Strong familiarity with Cryptography Controls (Data at rest, in motion).
CISSP, CISM, CSSLP, CISA, CRISC, OSCP
Regards,
Ajay Tanwar
E-Solutions Inc. | 2 North Market Street | Suite #400 | San Jose, CA - 95113 US Direct: 669-250-0966 | Fax: 408-521-0167
Email: ajay.t@e-solutionsinc.com | Web: www.e-solutionsinc.com
USA | CANADA | UK | SINGAPORE | MALAYSIA | INDIA
Disclaimer:
E-Solutions provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a covered veteran in accordance with applicable federal, state and local laws. We especially invite women, minorities, veterans, and individuals with disabilities to apply. EEO/AA/M/F/Vet/Disability.
Cloud, SQL, Oracle, api, javascript, security, OWASP, DevSecops, OAuth 2.0