Talent.com
This job offer is not available in your country.
Security Lead (Threat Modeling)

Security Lead (Threat Modeling)

ConfidentialMumbai, Kolkata, Delhi
30+ days ago
Job description

Job description

Lead Threat Modeling Efforts :

  • Own and lead the threat modeling process, including identifying threats, vulnerabilities, and mitigations for cloud-based applications and systems hosted on GCP.
  • Collaborate with architects, engineers, and product teams to design secure, resilient systems by incorporating threat modeling early in the design phase.
  • Conduct threat assessments for new and existing GCP services and applications, identifying risk areas and recommending controls to mitigate identified threats.

Security Frameworks & Best Practices :

  • Develop and implement security frameworks and threat modeling methodologies (eg, STRIDE, PASTA) specific to cloud-based systems.
  • Establish and promote best practices for applying threat modeling across all stages of the software development lifecycle (SDLC).
  • Drive the adoption of threat modeling tools and automation, integrating them with existing CI / CD pipelines and security workflows.

    • Cross-Functional Collaboration :

  • Work closely with the Cloud Security, DevOps, and Engineering teams to ensure that threat modeling is integrated into the architecture review and deployment processes.
  • Support incident response and vulnerability management teams by conducting post-mortem threat assessments following security incidents and breaches.

    • Security Risk Assessment & Mitigation :

  • Identify potential attack vectors, misconfigurations, and design flaws in GCP resources and cloud-native architectures.
  • Recommend actionable security improvements based on threat analysis and provide guidance on implementing mitigation strategies.
  • Conduct risk assessments for third-party integrations, APIs, and other cloud service components that could expose security vulnerabilities.

    • Security Training & Awareness :

  • Lead training sessions to educate internal teams on threat modeling techniques, security design principles, and secure cloud development practices.
  • Mentor junior security team members and foster a culture of security-first thinking across the organization.

    • Continuous Improvement & Innovation :

  • Stay current with emerging threats, vulnerabilities, and attack techniques targeting cloud environments, particularly on GCP.
  • Continuously refine and improve threat modeling processes, tools, and methodologies to stay ahead of evolving security challenges.

    • Skills & Qualifications :

    Required :

    Threat Modeling Expertise :

  • Extensive experience in threat modeling, risk assessment, and vulnerability analysis, with a deep understanding of common threat modeling methodologies (eg, STRIDE, PASTA, ATT&CK).
  • Proven ability to conduct threat assessments on complex cloud architectures and applications, identifying threats and developing mitigation strategies.

    • In-Depth Knowledge of GCP :

  • Strong experience with  Google Cloud Platform (GCP)  , including core GCP services such as Compute Engine, Kubernetes Engine (GKE), Cloud Storage, BigQuery, IAM, VPC, Cloud Functions, and others.
  • Understanding of GCP-specific security risks, controls, and compliance frameworks (eg, CIS benchmarks, SOC 2, HIPAA, etc).

    • Cloud Security Best Practices :

  • In-depth knowledge of cloud-native security principles, including least privilege access, defense-in-depth, secure configurations, and infrastructure-as-code security.
  • Familiarity with cloud security tools and frameworks for vulnerability management, identity and access management (IAM), and threat detection in GCP.

    • Collaboration & Communication Skills :

  • Excellent communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders.
  • Strong leadership and collaboration skills, with a track record of working across functional teams to influence and drive security initiatives.

    • Security Certifications :

  • Relevant certifications such as  Google Cloud Professional Cloud Security Engineer  ,  CISSP  ,  CCSP  , or similar are strongly preferred.

    • Preferred :

    Application Security Experience :

  • Experience with application security practices, such as static analysis (SAST), dynamic analysis (DAST), and secure code reviews.

    • Security Tools & Automation :

  • Familiarity with threat modeling tools (eg, Microsoft Threat Modeling Tool, Threat Dragon), security testing tools (eg, Burp Suite, Checkmarx), and cloud security posture management tools (eg, Prisma Cloud, Aqua Security).

    • Incident Response & Forensics :

  • Experience in supporting security incident response and conducting forensic investigations in cloud environments.

    • Programming / Scripting Skills :

  • Proficiency in at least one programming or scripting language (eg, Python, Go, Shell) for security automation and tooling is a plus.

    • Role :   Security Architect / Consultant

    Industry Type :   IT Services & Consulting

    Department :   IT & Information Security

    Employment Type :   Full Time, Permanent

    Role Category :   IT Security

    Skills Required

    Risk Assessment, Testing Tools, Gcp, Cloud, Soc, Microsoft, Python, Continuous Improvement, Sdlc

    Create a job alert for this search

    Security Lead • Mumbai, Kolkata, Delhi

    Related jobs
    • Promoted
    Lead Security Engineer

    Lead Security Engineer

    interface.aikolkata, west bengal, in
    Our cutting-edge Generative AI-powered platform serves over 100 banks and credit unions, delivering hyper-personalized customer interactions across voice, chat, and employee-assisting solutions.To ...Show moreLast updated: 30+ days ago
    • Promoted
    SAP Security Consultant (GRC)

    SAP Security Consultant (GRC)

    Avensys ConsultingKolkata, IN
    Avensys is a reputed global IT professional services company headquartered in Singapore.Our service spectrum includes enterprise solution consulting, business intelligence, business process automat...Show moreLast updated: 2 days ago
    • Promoted
    Security Engineer (Detection and Response)

    Security Engineer (Detection and Response)

    FoodsmartKolkata, IN
    Foodsmart is the leading telenutrition and foodcare solution, backed by a robust network of Registered Dietitians.Our platform is designed to foster healthier food choices, drive lasting behavior c...Show moreLast updated: 2 days ago
    • Promoted
    Security Consultant

    Security Consultant

    World Wide TechnologyKolkata, IN
    Be the primary lead in cybersecurity delivery engagements for a wide variety of clients in different industry verticals.Evaluate and recommend security strategies for networks, systems, operations,...Show moreLast updated: 14 days ago
    • Promoted
    Cyber Security Engineer

    Cyber Security Engineer

    Paramount Computer SystemsKolkata, IN
    Identity Governance and Administration (IGA).The role involves designing, implementing, and supporting enterprise-grade IGA solutions to ensure secure, efficient, and compliant identity lifecycle m...Show moreLast updated: 14 days ago
    • Promoted
    Lead Security Engineer

    Lead Security Engineer

    ArcanaKolkata, IN
    As our Lead Security Engineer, you'll own and elevate Arcana's overall security posture - cloud, on-prem, and everything in between. You'll design and enforce policies, automate controls, and harden...Show moreLast updated: 30+ days ago
    • Promoted
    Senior Detection Engineer - MITRE ATT&CK framework - XDR - EDR - AI - Cyber Security Startup - Remot

    Senior Detection Engineer - MITRE ATT&CK framework - XDR - EDR - AI - Cyber Security Startup - Remot

    CareerXperts ConsultingKolkata, West Bengal, India
    We’re seeking a Senior Detection Engineer to lead the next evolution of AI-augmented threat detection.This role goes beyond traditional detection engineering : you’ll help improve and build our ...Show moreLast updated: 4 days ago
    • Promoted
    Workday Security System Analyst

    Workday Security System Analyst

    AvalaraKolkata, IN
    Avalara is an AI-first company.We expect every engineer, manager, and to actively leverage AI to enhance productivity, quality, innovation, and customer value. AI is embedded in our workflows, and p...Show moreLast updated: 4 days ago
    • Promoted
    Vice President - Model Developer (Wholesale Risk)

    Vice President - Model Developer (Wholesale Risk)

    MashreqKolkata, IN
    The main purpose of the role is to lead the wholesale Risk model development team and assist the Head of Risk Analytics and Capital Management in execution of risk governance and practices around q...Show moreLast updated: 30+ days ago
    • Promoted
    Oracle Fusion SECURITY HCM Functional Lead

    Oracle Fusion SECURITY HCM Functional Lead

    Hiresquad ResourcesKolkata, IN
    Hiring for Oracle HCM Cloud Security Lead.Candidates with lesser notice period are preferred.The Oracle HCM Cloud Security Lead is responsible for independently designing, implementing, and managin...Show moreLast updated: 3 days ago
    • Promoted
    ARM Design Verification Lead

    ARM Design Verification Lead

    L&T Technology ServicesKolkata, IN
    You should be a verification engineer with a knowledge of SoC integration verification, SoC scenario verification, SoC performance verification, CHI / PCIe / CXL, DDRx / LPDDRx integration verification i...Show moreLast updated: 30+ days ago
    • Promoted
    Anaplan Developer with Level 3 Model Builder certification

    Anaplan Developer with Level 3 Model Builder certification

    TechBliss Digital Solution Pvt. Ltd.Kolkata, IN
    Level 3 Model Builder certification is mandatory.An Anaplan Model Builder designs, builds, and maintains Anaplan models to support business planning and forecasting. They work with various teams to ...Show moreLast updated: 19 days ago
    • Promoted
    Senior Detection Engineer - MITRE ATT&CK framework - XDR - EDR - AI - Cyber Security Startup - Remote - CTC INR 50 L

    Senior Detection Engineer - MITRE ATT&CK framework - XDR - EDR - AI - Cyber Security Startup - Remote - CTC INR 50 L

    CareerXperts Consultingkolkata, west bengal, in
    Remote
    This role goes beyond traditional detection engineering : you’ll help improve and build our.AI feedback, and quantify detection efficacy at enterprise scale. Design and maintain modular, high-fideli...Show moreLast updated: 4 days ago
    • Promoted
    Lead Consultant - SAP Security

    Lead Consultant - SAP Security

    ConfidentialKolkata, Mumbai
    Must have 6+ years of SAP Security and / or GRC support and implementation experience.Hands-on experience on SAP Security and Authorizations for ECC, S4HANA, BW4HANA, Fiori, BOBJ and SAP GRC AC 10.Ex...Show moreLast updated: 28 days ago
    • Promoted
    Security Consultant (Partnership program)

    Security Consultant (Partnership program)

    BugsTraceKolkata, IN
    Security Consultation Partners and Ethical Hackers.Our core service aids subscription-based clients in identifying and fixing security risks through trusted hacker partnerships.In addition, we offe...Show moreLast updated: 4 days ago
    • Promoted
    Oracle HCM Cloud - Security Functional Consultant

    Oracle HCM Cloud - Security Functional Consultant

    Affintrix TechnologiesKolkata, IN
    Candidates should have a minimum of 8-10 years of experience in Oracle HCM Cloud and must be able to join us immediately or within 15days. Extensive knowledge of Security configuration using Securit...Show moreLast updated: 1 day ago
    • Promoted
    Senior Security Consultant

    Senior Security Consultant

    Claranet IndiaKolkata, IN
    Founded at the beginning of the dot.CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP)...Show moreLast updated: 30+ days ago
    • Promoted
    CAT MODELLING

    CAT MODELLING

    EliteRecruitmentsKolkata, IN
    Catastrophe Modelling professionals.The ideal candidate will have strong hands-on experience in.If you're looking to make a tangible impact in the insurance analytics domain, apply now!.Analyze exp...Show moreLast updated: 24 days ago