Overview
Skills
Job Details
Role Title Threat Modeling Analyst
Required Skills Core Skills
Threat Modeling Expertise:
Strong knowledge of methodologies (STRIDE, PASTA, LINDDUN, VAST).
Ability to map application architecture and data flows to identify attack vectors.
Experience identifying and protecting "crown jewel" assets.
Application Security:
Understanding of web and enterprise application architectures (front-end, back-end, APIs, middleware).
Knowledge of common vulnerabilities (OWASP Top 10, CWE, CAPEC).
Familiarity with secure SDLC and how threat modeling integrates into release cycles.
Risk Assessment & Mitigation:
Ability to assess threats and assign likelihood/impact to prioritize risks.
Experience defining actionable security requirements from threat models.
Knowledge of compliance and regulatory requirements (NIST, PCI DSS, HIPAA depending on environment).
Preferred Skills
Responsibilities Role Description
Conduct threat modeling for the ABE and IES Worker Portal applications during major releases. This includes analyzing application architecture, data flows, and crown jewel assets to identify potential threats. The work is integrated into the continuous vulnerability assessment process to strengthen security posture and ensure proactive risk mitigation.
MUST HAVE concrete experience related to threat modeling methodologies or tools
must work as a w2 consultant
background check required