Information Security Engineer 4

Location: Charlotte, NC
Salary: $70.00 USD Hourly - $72.00 USD Hourly
Description: Our client is currently seeking a Information Security Engineer 4

MUST HAVES -
Need a strong person - extremely organized - a go getter - to get stuff done
Strong program operations, service delivery, or platform governance experience.
Demonstrated ability to run a productized internal service at scale.
Working knowledge of threat modeling concepts and SDLC integration.
High proficiency with Jira, dashboards, and operational reporting tools.
Excellent written and verbal communication skills, including executive-level reporting.
Proven ability to enforce process discipline under pressure and competing demands.

Preferred Experience
Background in application security, AppSec operations, or security service delivery.
Experience launching or operating "X as a Service" models (Security, Platform, DevEx).
Familiarity with cloud, identity, and API centric architectures.
Experience supporting globally distributed delivery teams.
Prior ownership of metrics, SLAs, or internal service health reporting.

Threat Modeling Program Operations Lead (TMaaS)
Position Summary
The Threat Modeling Program Operations Lead is a high judgment operator responsible for running Threat Modeling as a Service (TMaaS) as a scalable, repeatable, and defensible delivery model. This role orchestrates end to end workflows, governs intake and readiness, enforces service boundaries, and eliminates process inefficiencies to achieve step function productivity gains.
The Operations Lead owns the operational backbone of the threat modeling factory: intake triage, readiness enforcement, scheduling, WCA management, and executive reporting. This role also coordinates TMaaS enablement across business units by standardizing service tiers, delivery expectations, communication cadences, and metrics.
The ideal candidate excels at building executive ready dashboards, managing cross cultural delivery across U.S. and India teams, and protecting architect capacity by ensuring only ready, in scope work enters the system.
________________________________________
Core Responsibilities
1. TMaaS Intake Governance & Service Enforcement
Own and manage all incoming threat modeling requests across the enterprise.
Enforce TMaaS intake standards, eligibility criteria, and service scope.
Validate intake submissions for completeness, accuracy, and service alignment.
Map requests to the correct business unit, application team, and security champion.
Categorize requests by TMaaS service tier (e.g., standard, expedited, exception-based).
Assign Internal Work Deadlines (IWD) and record External Commitment Deadlines (ECD).
Insert approved requests into engineering Jira boards and track lifecycle status.
Classify threat model type (cloud, identity-heavy, API-heavy, legacy).
Segment requests by complexity (low, medium, high) to support capacity planning.
Initiate and govern the standard 6 week TMaaS delivery clock.
________________________________________
2. Readiness Management & Client Enablement
Enforce the TMaaS readiness gate before analysis begins.
Validate completion of the 10 point readiness checklist.
Score readiness and identify missing or inadequate artifacts.
Proactively engage application teams, champions, and engineers to close readiness gaps.
Issue standardized readiness communications at defined milestones (T-6, T-4, T-3, T-2, T-1).
Send formal "risk to ECD" notices when readiness threatens delivery.
Facilitate working sessions focused on artifact completion, not analysis.
Document all readiness outreach, delays, and non responsiveness for auditability.
________________________________________
3. Scheduling, Capacity & Demand Management
Maintain the architect capacity model and enforce WIP limits (maximum three concurrent models per architect).
Schedule TMaaS delivery around PTO, holidays, and sprint cycles.
Dynamically adjust start dates based on readiness and customer responsiveness.
Drive formal go / no go decisions at internal deadlines.
Surface demand vs. capacity mismatches early with data-backed recommendations.
________________________________________
4. Waiting on Customer Action (WCA) Tracking & Escalation
Track all WCA delays and classify by missing artifact or decision type.
Log WCA hours and days with timestamps for service-level analytics.
Execute structured escalation paths (Champion ? Manager ? Director ? CIO).
Produce weekly WCA summaries by business unit and application.
Supply WCA analytics to executive dashboards to highlight systemic bottlenecks.
________________________________________
5. TMaaS Communication & Jira Operations
Own Jira workflow hygiene, task insertion, and status accuracy.
Maintain standardized communication templates for reminders, escalations, and status updates.
Enforce a predictable TMaaS communication cadence (weekly, milestone-based, executive).
Coordinate clarifying calls only when readiness artifacts are available.
Maintain shared milestone calendars and delivery timelines.

By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!