RBC

Senior Threat Modeller – Global Security

full-time

Location Type: Office

Location: Vancouver, Canada

About the role

  • Design and implement threat modelling practices that are low-friction, high-value, and scalable across the organization
  • Define and analyze potential threat scenarios to identify security gaps and assess associated risks
  • Develop and provide recommendations on threat mitigation or remediation
  • Deliver threat models for applications, systems, and architecture patterns
  • Perform code and architectural design reviews for internal and external software products
  • Conduct and facilitate threat modelling workshops with technical and business stakeholders
  • Design, develop, and implement tooling and processes to support threat modeling activities
  • Design, develop, and deliver security training and education programs for application developers, project managers, architects, and similar roles
  • Prioritize and track application security issues across the organization
  • Lead implementation efforts for security initiatives and resolutions resulting from internal and external assessments
  • Ensure that issues identified are appropriately prioritized and addressed in future product releases
  • Work with development teams to guarantee timely resolution of issues
  • Identify and provide application security recommendations during requirement and design reviews
  • Track open issues and follow up with different teams to address open issues.
  • Communicate technical information to a non-technical audience and non-technical information to a technical audience in a cross-site and cross-functional setting.
  • Enable application owners and developers to understand threats and appropriately prioritize security issues and mitigations.

Requirements

  • Minimum of a B.S. in Computer Science, MIS or related degree and 5 years of related experience in information security, development, software engineering or a combination of education, training and experience.
  • Expertise in threat modelling methodologies (e.g., STRIDE, DREAD, PASTA, etc.) and modern threat modelling tooling
  • Strong written and verbal communication skills with the ability to translate technical findings into business-oriented insights
  • Ability to decompose and analyze complex application architectures
  • Strong understanding of networking and operating systems (Windows, macOS, Linux, Unix)
  • Experience working with waterfall, agile, agile variants, and hybrid methodologies of software development
  • Understanding of modern, cloud centric architectures and DevOps principles
  • A strong understanding of offensive security tactics, techniques, and procedures.
  • Certifications in the Cyber Security domain (Nice to have)
  • Experience with designing and delivering training programs for a technical audience (Nice to have)
  • Previous Big 4 consulting experience (Nice to have)
  • Prior experience in the banking/financial services industry (Nice to have)
  • Computer Information Systems Security Professional (CISSP) certification or the ability to obtain within six (6) months (Nice to have).

Benefits

  • A comprehensive Total Rewards Program including bonuses and flexible benefits
  • Competitive compensation
  • Commissions and stock where applicable
  • Dedicated budget for annual training and conference attendance
  • Leaders who support your development through coaching, training, and managing opportunities.
  • Ability to make a difference and lasting impact.
  • Work in a dynamic, collaborative, progressive, and high-performing team. Opportunities to do challenging work.
  • Opportunities to take on progressively greater accountabilities.
  • Opportunities to build close relationships with various cyber security teams.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

threat modelling methodologies, STRIDE, DREAD, PASTA, application security, networking, operating systems, cloud centric architectures, DevOps principles, offensive security tactics

Soft Skills

strong written communication, strong verbal communication, ability to translate technical findings, analyze complex application architectures, leadership, facilitation, cross-functional communication, prioritization, problem-solving, training delivery

Certifications

B.S. in Computer Science, CISSP certification