Эта вакансия уже завершена
Project Description:
The Threat Modeling team will be utilizing industry standard methodologies and tools to perform Threat Modeling on all the critical software products and report on the finding for further remediation.
Responsibilities:
- Identify, enumerate and prioritize structural system vulnerabilities
- Definine countermeasures to prevent or mitigate the effects of threats
Mandatory Skills:
- University degree, preferably in Computer Science
- Several years of experience in IT security space, preferably in Insurance or Financial industry
- Solid knowledge of IT Security concepts (i.e. OWASP top10 vulnerabilities, threats like spoofing, information disclosure etc.)
- Expertise in performing security tests of web applications
- Expertise in Threat Modeling
- Ability to follow STRIDE/VAST/PASTA methodology (manually or using a tool)
- Hands-on experience in Microsoft SDL tool or other threat modeling tool
- Good understanding of IT architecture diagrams
- Excellent analytical skills and systematic approach to problem solving - ability to ask relevant questions to understand product, user base and other factors important from the perspective of vulnerabilities assessment
- Experience in preparing reports and technical documentation
- Strong communication skills - ability to explain reports or complex technical issues to both Technical Product Architects as well as Executive Team
- Fluent English