Senior Threat Modeling Analyst
Join a ChallengerBeing a traditional bank just isn’t our thing. We are big believers in innovating the banking experience because we believe Canadians deserve better options, and we challenge ourselves and our teams to creatively transform what’s possible in banking. Our team is made up of inquisitive and agile minds that find smarter ways of doing things. If you’re not afraid of taking on big challenges and redefining the future, you belong with us. You’ll get to work with people who will encourage you to reach new heights. We like to keep things fun, ask questions and learn together. We are a big (and growing!) family. Overall we serve more than 370,000 people across Canada through Equitable Bank, Canada's Challenger Bank™, and have been around for more than 50 years. Equitable Bank's wholly-owned subsidiary, Concentra Bank, supports credit unions across Canada that serve more than 5 million members. Together we have over $100 billion in combined assets under management and administration, with a clear mandate to drive change in Canadian banking to enrich people's lives. Our EQ Bank platform (eqbank.ca) has been named the top Schedule I Bank in Canada on the Forbes World's Best Banks 2023, 2022, and 2021 lists. The Work:The Senior Threat Modeling Analyst will work closely with the technology teams and line of business teams to develop secure technology solution designs. The Senior Threat Modeling Analyst will lead the identification of Cyber security risks to the bank’s technologies and ensure sufficient controls are in place to mitigate these risks which could otherwise result in Cyber Security attacks, while enabling the business to grow the bank and serve our customers efficiently and securely.
Job Duties:
- Provide security advisory services to technology and business teams.
- Perform security assessments for technical solution designs.
- Identify threat scenarios and evaluate risk rating based on a thorough review of the solution design by working closely with SMEs.
- Track and remediate design flaws identified by the Threat Model process.
- Ensure onboarding of appropriate security services by the project; e.g. Automated security scanning, MFA, SIEM onboarding etc.
- Manage design security flaws tracking and escalate outstanding risks as required.
- Manage security risks for assigned portfolio to ensure that action/mitigation plans are defined and actioned in-time.
- Support Threat modeling and solution design security process improvements.
Let's Talk About You!
- A college diploma or university degree is required. Higher accreditation (e.g. Bachelor of Computer Science) is preferred.
- At least five (5) years of information security and information risk experience.
- Experience in performing Threat modeling is required.
- Experience in supporting application security programs is required.
- Experience and deep understanding of hybrid cloud technologies is required.
- Experience in performing IT security risk assessments is required.
- Experience in developing risk mitigation recommendations is required.
- Experience and ability to document security architecture views and threat modeling analysis (i.e. attack trees, sequence flow diagrams, Data Flow Diagrams etc.) for various technology designs.
- Understanding and experience in Application Security frameworks is required e.g. OWASP.
- Understanding of CI/CD pipeline and approaches to automate security testing is an asset
- Understanding of API security is an asset.
- Having coding experience is an asset.
- The following certifications are preferred: CCSP, SABSA, CCSK, CISM, CISSP, or CRISC.
- Understanding and experience with TOGAF, OWASP, SAMM, MITRE ATT&CK, BSIMM, NIST, ISO 27K series is an asset.
- Experience working in a banking or financial services environment is an asset.