Job Description
About the Company
Are you a security strategist who can "think like an attacker" to protect complex systems before they are even built? We are looking for a Senior Threat Modeler to join our security team. You will serve as a critical bridge between architecture and defense, identifying vulnerabilities in the design phase and ensuring our applications, APIs, and cloud infrastructures are resilient by design.
About the Role
In this role, you won't just find bugs; you will analyze trust boundaries, map attack paths, and influence the security posture of next-generation AI and cloud-native applications for the Major Hospitality Brand.
Responsibilities
Architectural Analysis: Lead deep-dive threat modeling sessions for applications, APIs, microservices, and cloud-native environments.
Apply Frameworks: Utilize industry-standard methodologies including STRIDE, PASTA, ATLAS, and MITRE ATT&CK to identify sophisticated attack vectors.
Security Design & Mitigation: Review data flows and trust boundaries to identify weaknesses; provide actionable, prioritized security recommendations to mitigate risk.
Collaborative Security: Partner directly with architects and developers during the design and build phases to integrate security into the SDLC.
Communicate & Educate: Facilitate threat modeling demos, present findings to clients, and translate complex technical risks into business-relevant insights.
Qualifications
Experience: 7–10 years of dedicated experience in threat modeling or product security.
Technical Breadth: A deep understanding of software architecture, RESTful APIs, and major cloud platforms (AWS, Azure, or GCP).
Modern Threat Knowledge: Expertise in current attack vectors, including OWASP Top 10, API-specific threats, and emerging risks in AI/LLM-based applications.
Tooling Proficiency: Hands-on experience with threat modeling tools (e.g., Irius Risk, Threat Modeler, or SD Elements) and technical diagramming.
Clear Communication: The ability to influence both engineering teams and non-technical stakeholders through clear risk assessments.
Preferred Skills
Consulting Experience: Background in client-facing roles or professional services.
Industry Certifications: Relevant certifications such as CISSP, CSSLP, or OSCP.
Location: LATAM
Experience Level: 7–10 Years
Are you a security strategist who can "think like an attacker" to protect complex systems before they are even built? We are looking for a Senior Threat Modeler to join our security team. You will serve as a critical bridge between architecture and defense, identifying vulnerabilities in the design phase and ensuring our applications, APIs, and cloud infrastructures are resilient by design.
About the Role
In this role, you won't just find bugs; you will analyze trust boundaries, map attack paths, and influence the security posture of next-generation AI and cloud-native applications for the Major Hospitality Brand.
Responsibilities
Architectural Analysis: Lead deep-dive threat modeling sessions for applications, APIs, microservices, and cloud-native environments.
Apply Frameworks: Utilize industry-standard methodologies including STRIDE, PASTA, ATLAS, and MITRE ATT&CK to identify sophisticated attack vectors.
Security Design & Mitigation: Review data flows and trust boundaries to identify weaknesses; provide actionable, prioritized security recommendations to mitigate risk.
Collaborative Security: Partner directly with architects and developers during the design and build phases to integrate security into the SDLC.
Communicate & Educate: Facilitate threat modeling demos, present findings to clients, and translate complex technical risks into business-relevant insights.
Qualifications
Experience: 7–10 years of dedicated experience in threat modeling or product security.
Technical Breadth: A deep understanding of software architecture, RESTful APIs, and major cloud platforms (AWS, Azure, or GCP).
Modern Threat Knowledge: Expertise in current attack vectors, including OWASP Top 10, API-specific threats, and emerging risks in AI/LLM-based applications.
Tooling Proficiency: Hands-on experience with threat modeling tools (e.g., Irius Risk, Threat Modeler, or SD Elements) and technical diagramming.
Clear Communication: The ability to influence both engineering teams and non-technical stakeholders through clear risk assessments.
Preferred Skills
Consulting Experience: Background in client-facing roles or professional services.
Industry Certifications: Relevant certifications such as CISSP, CSSLP, or OSCP.
Location: LATAM
Experience Level: 7–10 Years
Apply for this Position
Ready to join ? Click the button below to submit your application.
Submit Application