Job Description
Title : Systems Architect 3 (AppSec Threat Modeling) Location : Remote Interview : 2 steps Teams video What they need (in short) Looking for a developer who moved into security (NOT a security-only profile). Someone who can : β’ Deconstruct enterprise application architectures (app server DB middleware networking dependencies) β’ Build application threat models and publish results β’ Automate AppSec work (tooling, APIs, CI / CD integration, security logic in pipelines / microservices) β’ Use Python (write), and read Java + C# β’ Leverage Copilot / AI agents for analysis and code review Responsibilities β’ Partner with app / service / platform teams to capture accurate architecture details β’ Create threat models using tooling (ThreatModeler / MS Threat Modeling Tool / OWASP Threat Dragon) β’ Apply methodology (STRIDE / PASTA / OCTAVE / LINDDUN / VAST) to identify & prioritize threats β’ Validate mitigations via designs / configs / source code evidence β’ Recommend mitigations and present / publish results β’ Collaborate with Cybersecurity Architecture on new controls where gaps exist Required Qualifications β’ 4+ years Systems Architecture and / or Systems Development β’ 3+ years Cybersecurity experience (work / training / education / certs) β’ 1+ year AWS / Azure / GCP β’ 1+ year Python programming β’ Proficient in at least one Threat Modeling methodology (STRIDE / PASTA / etc.) β’ Familiar with OWASP Top 10, CAPEC, MITRE ATT&CK , secure design principles β’ Ability to run multiple threat models in parallel with short cycle times Desired β’ CISSP / CCSP and / or cloud certs β’ 3+ years leading architecture risk reviews / threat models β’ Threat Modeling GenAI / Threat Modeling-as-Code (TaaC) Apply tot his job