REQUIRED SKILLS AND EXPERIENCE
- 7-10+ years of experience working within Information Security with a focus on building processes and frameworks within Threat Modeling/TRA's at large enterprises - Assist with implementing the strategy on how STRIDE methodology will integrate with SDLC and have developers work-in this methodology when they're developing - Experience with creating the framework on how to build out TRA's appropriately You can demonstrate experience in Application Security, Vulnerability Management, and data security standards and best practices. You bring senior-level experience in application security or similar security services. It is considered an asset if you have threat modeling knowledge and experience. You can demonstrate experience in dynamic and static application security testing, penetration testing, web application firewalls, runtime protection, mobile application security, and broader threat and vulnerability management capabilities.
JOB DESCRIPTION
- Strategic Leadership and Governance – You will drive the creation and ongoing refinement of the Application Security strategy, with a particular emphasis on advancing threat modeling and security testing methodologies and tools. This role requires strong cross-functional collaboration to gather requirements, develop business cases and lead projects, including proof of concepts, in the capacity of a product owner. Having a continuous improvement mindset is essential, as you will be responsible for identifying and implementing opportunities to enhance both security testing processes and operational efficiency within the domain. Security Testing and Assessment – You will oversee the implementation, management, and continuous improvement of threat modeling services, security testing services such as Enterprise SaaS Application Security, and supporting our risk advisory partners during threat risk assessments. You will measure and report on the effectiveness of these activities to ensure comprehensive coverage and timely remediation of identified vulnerabilities. Additionally, you will conduct regular reviews and analysis of testing results, trends, and emerging threats, using these insights to inform and strengthen risk mitigation strategies. Communication and Advocacy – You will prepare and delivery clear, compelling documentation and presentations to executive leadership, effectively articulating the value and necessity of threat modeling and security testing initiatives. You will also drive awareness and provide training to application development teams, ensuring they understand the importance and effective use of threat modeling and security testing tools and processes. Your role will include evaluating business needs against current and emerging risks and providing actionable recommendations to strengthen the organization’s security posture. Advisory and Relationship Management – You will act as a trusted advisor to development teams, operations, infrastructure and risk advisory teams, guiding them to integrate threat modeling and security testing into their workflows and prioritize remediation efforts based on risk. You will oversee the identification, assessment and management of security risks and design flaws in key applications, offering practical and prioritized solutions. Staying current with the evolving threat landscape and cultivating partnerships with industry peers and vendors will be essential to ensuring the bank remains at the forefront of application security.
Pay: From $68.00 per hour
Work Location: Hybrid remote in Toronto, ON (Toronto District)