Randstad Technologies, a global and national leader in the IT Staffing and Services industry, has an immediate need for a Threat Modeling SME to sit onsite in Rockville, MD to join a highly talented and growing cyber security team.
This is a long-term contract paying up to $70/hr. Applicants must be authorized to work in the United States without sponsorship.
If you pride yourself on your threat modeling and vulnerability testing, and enjoy showing others your point of view on all things security, we may have the job for you!
You will be able to establish yourself as a subject matter expert (SME) in Application Security, while working collaboratively with application and testing teams early in the SDLC to establish security requirements through threat modeling and research activities.
location: Rockville, Maryland
job type: Contract
salary: $65 - 70 per hour
work hours: 9 to 6
- Help educate application stakeholders to understand relevant security issues, including practical strategies for fully mitigating or partially compensating the associated risks
- Provide an embedded security SME experience to the application community
- Lead the identification and prioritization of security requirement deficiencies, and the architecture and design of security controls
- Develop and implement strategies to promote the consistent use of security controls across the enterprise
- Take appropriate action to resolve security discrepancies
- Participate in the identification, evaluation, and recommendation of new security technologies, techniques, and tools
- Participate in defining, reviewing, and promoting information security policies, standards, guidelines, and procedures
- Participate in internal process improvement initiatives. Provide feedback on processes by offering suggestions.
- Mentor junior staff
- Provide backup coverage for next level management, as appropriate
- Assist with adherence to relevant technology policies, standards, and guidelines
- In-depth knowledge of threat modeling (1-3 years)
- Understand Application Security weaknesses
- Ability to explain concepts/work well with others (train/mentor)
- Experience creating Data Flow Diagrams (DFD)
- Familiar with existing Application Security Risk & Threat Modeling (ASRTM) solutions:
- Security Compass SD Elements (SDE)
- OWASP Top 10
- Knowledgeable in how to identify and test common AppSec issues and countermeasures
- Hands-on experience with and an understanding of the pros/cons of common industry threat modeling methodologies; e.g. freeform diagrammatic approaches such as Data and/or Process Flow Diagrams vs. questionnaire-based approaches such as Practical Threat Analysis (PTA)
- Experience with existing Application Security Risk & Threat Modeling (ASRTM) solutions, such as Security Compass SD Elements (SDE), MyAppSecurity ThreatModeler, or IriusRisk.
- Understanding of common industry security categorization schemes, such as STRIDE
- Understanding of common industry risk ranking models, such as DREAD, CVSS, OWASP Risk Rating Methodology, ...; and how each is most effectively used
- Building and delivering training content (Brown Bags, ...) to Developers, Testers and other security professionals.
- Knowledge and experience with AWS security models and configuration
- Development experience is a plus
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.