Senior Threat Modeling Engineer; AWS

We are seeking a Senior Threat Modeling Engineer to support secure cloud architecture initiatives, with a strong emphasis on AWS environments. This is a hands‑on individual contributor role centered on security architecture reviews, proactive threat identification, and risk mitigation across modern cloud‑native platforms. You will partner closely with engineering, Dev Ops, program management, and information security teams to embed security into system design and delivery.

The position focuses on analyzing architectures, identifying exploitable risks, and recommending practical controls that align with business and technical objectives.

• Perform structured threat modeling using recognized methodologies and frameworks.
• Analyze AWS architectures and cloud services to identify vulnerabilities, attack paths, and security gaps.
• Recommend mitigation strategies and compensating controls aligned to security best practices.
• Conduct architecture and design reviews for applications, APIs, and infrastructure.
• Track identified threats through their lifecycle and ensure remediation or risk acceptance is properly documented.
• Produce clear documentation including threat models, data flow diagrams, and risk assessments.
• Provide feedback to improve internal threat modeling standards, processes, and tooling.
• Collaborate with engineering and Dev Ops teams to integrate security into the SDLC and CI/CD pipelines.
• Present findings, risks, and remediation plans to technical stakeholders and leadership.
• Research emerging threats, cloud service changes, and evolving attack techniques.

• 8+ years of overall technology experience with at least 5+ years in cybersecurity or application/cloud security.
• Strong hands‑on experience securing AWS environments (required).
• Deep understanding of security architecture principles and secure design patterns.
• Experience with threat modeling methodologies such as MITRE ATT&CK, STRIDE, or PASTA
  .
• Knowledge of authentication, authorization, encryption, network segmentation, logging, and monitoring.
• Familiarity with cloud security frameworks and best practices.
• Experience reviewing technical architectures and system designs.
• Ability to identify vulnerabilities using OWASP Top 10 and CWE classifications.
• Understanding of SDLC, CI/CD pipelines, and Dev Ops practices.
• Experience with REST APIs and API security concepts.
• Familiarity with infrastructure-as-code tools (Terraform, Cloud Formation).
• Working knowledge of scripting or automation.
• Experience using ticketing or tracking tools (e.g., Jira).
• Strong documentation, analytical, and problem‑solving skills.
• Excellent communication and cross‑functional collaboration skills.

• AWS certifications (e.g., Security Specialty, Solutions Architect) strongly preferred.
• Security certifications such as CISSP, CCSP, CISM, or CISA
  .
• Knowledge of standards and frameworks (NIST, ISO 27001, Cloud Security Alliance).
• Experience in regulated or compliance‑driven environments.
• Familiarity with Docker, Kubernetes, serverless architectures, and Helm.
• Exposure to Git Ops workflows and Cloud Development Kit (CDK).
• Understanding of operating system hardening techniques.
• Background in penetration testing or offensive security concepts.
• Experience with platforms such as Git Hub, Snowflake, Mongo
  
  DB, Databricks, or Terraform Cloud.
• Programming experience (Python or Node.js) is a plus.