FREE ACCESS
5,000–10,000 jobs/day

See all jobs on JobTailor
Search thousands of fresh jobs every day.
Discover
- Fresh listings
- Fast filters
- No subscription required
Create a free account and start exploring right away.

Information Security Review, Threat Modelling Engineer
DeloitteInformation Security Review & Threat Modelling Engineer at global financial institution. Conducting security reviews and collaborating with engineering teams for compliance and risk mitigation.
Tech Stack
Tools & technologiesAWSCloudCyber SecurityGoogle Cloud PlatformPythonSDLCTerraform
About the role
Key responsibilities & impact- Perform end-to-end security reviews of infrastructure products and validate compliance with enterprise information security standards.
- Work closely with engineering teams and third-party vendors to obtain information required for security assessments.
- Review technical documentation and perform hands-on security testing of infrastructure products.
- Identify security vulnerabilities, compliance gaps and non-conformities.
- Produce detailed security findings and recommend remediation or risk mitigation strategies.
- Support Information Security teams throughout remediation activities.
- Design and review secure technical architectures.
- Embed quality control measures across security review processes.
- Produce high-quality technical documentation and maintain audit-ready evidence.
- Manage stakeholder expectations and communicate findings effectively.
- Escalate risks and issues appropriately.
- Support internal and external security audits.
Requirements
What you’ll need- Minimum 6 years’ IT experience, including at least 4 years in Cyber Security/Information Security across cloud and on-premises environments.
- 3-5 years’ experience within Information Security or Information Technology.
- Strong experience reviewing infrastructure security.
- Hands-on cloud security experience across AWS and/or GCP.
- Demonstrated expertise in Threat Modelling methodologies such as STRIDE, PASTA or MITRE ATT&CK/ATLAS.
- Strong understanding of authentication, authorisation, encryption, logging & monitoring, infrastructure security and network segmentation.
- Ability to design and review secure technical architectures.
- Strong understanding of Infrastructure as Code (Terraform and/or CloudFormation).
- Experience with Software Development Lifecycle (SDLC) and CI/CD pipelines.
- Hands-on Python scripting skills with the ability to read, write and analyse scripts.
- Experience across multiple technology domains.
- Security testing experience is advantageous.
- Associate or Professional AWS or GCP Cloud Certification (mandatory).
- Associate or Professional Cyber Security Certification (mandatory).
- Excellent analytical and problem-solving skills.
- Strong written and verbal communication.
- Excellent stakeholder and project management skills.
- Degree in Computer Science, Cyber Security or related discipline preferred.
Benefits
Comp & perks- Holiday pay
- Potential extensions of contract
ATS Keywords
✓ Tailor your resumeApplicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
Cyber SecurityInfrastructure Security ReviewCloud SecurityThreat ModellingInfrastructure as CodePython ScriptingSecurity TestingCompliance ValidationTechnical DocumentationRisk Mitigation Strategies
Soft Skills
Analytical SkillsProblem-Solving SkillsWritten CommunicationVerbal CommunicationStakeholder Management
Certifications
AWS Cloud CertificationGCP Cloud CertificationCyber Security Certification