Cyber Security Consultant

About The Position

Requirements

• Proficient level working knowledge of Threat Modeling methodologies (e.g. Attack Trees, MSTM/STRIDE, PASTA) or performing Architecture Risk Analysis.
• Expert ability to decompose applications and system designs in hybrid cloud architectures to identify potential threats.
• Proficient level working experience in application security and security risk management practices.
• Working experience in Agile methodologies.
• Knowledge of DevOps practices and ability to champion security first, DevSecOps culture and practices.
• Advanced analytical skills
• Proficient communication and negotiations skills, both verbal and written.
• Is empathetic and loves to solve problems and always maintains high integrity.
• 5+ years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education
• Industry certifications such as CISM, CISSP, GIAC, CEH

Nice To Haves

• Prior experience in software development (e.g. Java, JS, Python) is preferred.
• Prior experience in 2 or more other security domains, e.g., ethical hacking, cloud security, network security, platform security, IAM is preferred.

Responsibilities

• Be integral in continuously maturing the threat modeling practices and application security risk assessment program.
• Be integral in ensuring security threats and countermeasures are identified in projects/initiatives as part of SDLC process.
• Maintain an understanding of available security design patterns, their applicability to given initiative and identify gaps that require improvement opportunities.
• Produce high quality threat modeling artifacts and follow through in tracking of assessments and remediation activities in issue management platform and/or designated repository.
• Continuously keep apprised of business technology practices and relevant threats, both current and emerging and work with Security Architect to identify appropriate controls.
• Be an advocate for Cybersecurity company standards and industry best practices.
• Help build, improve threat libraries and controls and standardize on threat modeling practices.
• Collaborate with larger Security Assessment and Testing group in socializing threats identified in technology projects as part of overall risk analysis.
• Keep abreast of new technology trends and associated risks in application development practices, frameworks, cloud services (PaaS, IaaS, SaaS), modern data store platforms etc. and ability apply this knowledge and skills during threat modeling exercises.
• Broader work or accountabilities may be assigned as needed.

Benefits

• BMO also offers health insurance, tuition reimbursement, accident and life insurance, and retirement savings plans.
• To view more details of our benefits, please visit: https://jobs.bmo.com/global/en/Total-Rewards