Cyber Security Analyst – Threat Modeling is responsible for performing security assessments for applications, infrastructure and emerging technologies and guiding product / service teams in secure design of IT systems. **Position responsibilities include:** + Perform threat modeling for Enterprise and SaaS IT assets. + Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities. + Work with business, application, and supplier teams to perform in-depth threat assessments by leveraging methods such as STRIDE, VAST, Attack Tree etc. + Provide subject matter expertise in assessing potential security threats in the application architecture and evaluate security controls to mitigate threats. + Assess the risk of identified threats by evaluating likelihood and impact, determine countermeasures and remediation. + Apply Information Security Policy and industry security standards (E.g.: OWASP, NIST, CIS etc.,) and guide application teams to help build secure products. + Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required. + Provide feedback for improving Threat Modeling tools and processes. + Leverage industry best practices to continually improve process maturity. + Promote awareness of security issues among application teams and business teams through training and awareness programs. + Stay updated through continuous learning of emerging technologies like LLM, ZTNA, LCNC etc. **Skillset required:** + Experience in handling web application security risks - OWASP Top-10 E.g.: Injection attacks, buffer overflow, cross-site scripting etc. + Skill to provide security controls guidance related to data usage, processing, storage, and transmission. + Knowledge of different Threat Modeling methodologies (E.g.: STRIDE, VAST, Attack Tree etc.). + Knowledge of security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques. + Knowledge of organization's information security policies, standards, and procedures. + Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). + Knowledge of network access, cryptography, cryptographic key management concepts, identity and access management (e.g.: OAuth, OpenID, SAML). + Knowledge of cloud security and API security. + Knowledge of security assessment for Microservices architecture, Databases (SQL/NoSQL), Google Cloud Platform resources like cloud storage, Redis Pub/Sub and Cloud Run. + Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles. + Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy. + Ability to evaluate information for reliability, validity, and relevance. + Excellent analytical, communication, documentation, and presentation skills. + Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts. + Knowledge of Agile practices and SDLC + Self-Starter who can work in ambiguous situations and drive to a solution. + Strong interpersonal skills, including ability to educate and influence. **Qualifications required:** + Bachelor’s degree in computer science, Cyber Security, or related field of study + 2+ years of experience in Cyber Security or related fields of IT. + Knowledge on Security Framework such as NIST CSF, ISO27001, OWASP Top-10 etc. + Cyber security certifications like CISSP, OSCP, CEH, Pentest+ are highly desirable. **Requisition ID** : 49911