Senior Threat Modeller (Global Security)

Job Description

Job Description What is the opportunity? Are you passionate about secure by design? Are you an experienced cyber security professional with an interest in threat modelling? Or are you a developer with a strong cyber security background? If you would like to work with other diverse cyber security and development teams to perform threat modelling at the scale of the entire RBC enterprise, we’ve got the role for you! We are looking for an experienced Senior Threat Modeller who has a strong grasp of threat modelling and secure by design principles to help us continue and evolve threat modelling programs across the entirety of RBC and our subsidiaries. In this role, you will have the opportunity to work with a broad variety of stakeholders, drive impact through your work, continuously improve our threat modelling practices, and materially improve the cyber resilience of our organization. What will you do? Design and implement threat modelling practices that are low-friction, high-value, and scalable across the organization Define and analyze potential threat scenarios to identify security gaps and assess associated risks Develop and provide recommendations on threat mitigation or remediation Deliver threat models for applications, systems, and architecture patterns Perform code and architectural design reviews for internal and external software products Conduct and facilitate threat modelling workshops with technical and business stakeholders Design, develop, and implement tooling and processes to support threat modeling activities Design, develop, and deliver security training and education programs for application developers, project managers, architects, and similar roles Prioritize and track application security issues across the organization Lead implementation efforts for security initiatives and resolutions resulting from internal and external assessments Ensure that issues identified are appropriately prioritized and addressed in future product releases Work with development teams to guarantee timely resolution of issues Identify and provide application security recommendations during requirement and design reviews Track open issues and follow up with different teams to address open issues. Communicates technical information to a non-technical audience and non-technical information to a technical audience in a cross-site and cross-functional setting. Enable application owners and developers to understand threats and appropriately prioritize security issues and mitigations Must Have’s: Minimum of a B.S. in Computer Science, MIS or related degree and 5 years of related experience in information security, development, software engineering or a combination of education, training and experience. Expertise in threat modelling methodologies (e.g., STRIDE, DREAD, PASTA, etc.) and modern threat modelling tooling Strong written and verbal communication skills with the ability to translate technical findings into business-oriented insights Ability to ana

Required Skills