Senior Threat Modeler

State StreetBoston, MA
$120,000 - $202,500Hybrid

About The Position

We are looking for a Senior Threat Modeler. You will be responsible for performing threat modeling activities across enterprise applications, cloud platforms, APIs, and emerging technologies to identify security risks early in the development lifecycle and drive secure-by-design outcomes. You will partner with architects, engineers, developers, and cybersecurity teams to strengthen the security posture of critical business systems and technology platforms. The team you will be joining is part of the Security Architecture organization, a function that is critical to protecting the firm's applications, data, cloud environments, and technology services. Threat modeling enables the organization to proactively identify security weaknesses, reduce cyber risk, improve architectural resiliency, and ensure security requirements are incorporated into technology solutions from inception through deployment.

Requirements

  • Strong analytical, problem-solving, and risk assessment skills with the ability to identify complex security threats and vulnerabilities.
  • Deep understanding of application security, cloud security, secure software development, and modern technology architectures.
  • Strong communication and stakeholder management skills, with the ability to influence engineering and architecture teams.
  • Experience working in large-scale, complex environments with diverse technology stacks and distributed teams.
  • Ability to translate technical security findings into actionable recommendations that reduce business risk.
  • Degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline.
  • 12 years or more of experience in application security, cloud security, cybersecurity architecture, threat modeling, or related technology disciplines, with at least 7 years of hands-on cybersecurity experience preferred.
  • Demonstrated experience conducting threat modeling exercises for enterprise applications, APIs, cloud platforms, and distributed systems.
  • Strong expertise in application security principles, secure software development lifecycles, OWASP Top 10, API security, and secure coding practices.
  • Experience assessing and securing cloud environments across AWS, Azure, and/or Google Cloud Platform.
  • Knowledge of microservices, containers, Kubernetes, CI/CD pipelines, DevSecOps practices, and modern software architectures.
  • Experience with threat modeling methodologies such as STRIDE, MITRE ATT&CK, attack trees, and adversary-based risk analysis.
  • Ability to effectively collaborate with development, engineering, architecture, and cybersecurity teams.
  • Strong written and verbal communication skills with the ability to present technical findings to both technical and non-technical audiences.

Nice To Haves

  • Professional certifications such as CISSP, CCSP, CSSLP, GWAPT, GWEB, AWS Security Specialty, Azure Security Engineer, or equivalent security certifications are highly desirable.
  • Experience within financial services or other highly regulated industries is preferred.

Responsibilities

  • Conduct threat modeling activities for business applications, cloud-native platforms, APIs, and strategic technology initiatives.
  • Analyze application architectures, data flows, trust boundaries, and cloud deployments to identify security threats and design weaknesses.
  • Partner with application development, cloud engineering, and security teams to recommend practical risk mitigation strategies and secure design improvements.
  • Perform security assessments using established methodologies such as STRIDE, MITRE ATT&CK, attack trees, and risk-based analysis techniques.
  • Contribute to the development of threat modeling standards, reusable patterns, training materials, and secure-by-design practices across the enterprise.
  • Strong knowledge of cloud-native architectures and security controls across AWS, Azure, and Google Cloud, with the ability to identify and mitigate risks in distributed, containerized, and platform-based environments.

Benefits

  • our retirement savings plan (401K) with company match
  • insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages
  • paid-time off including vacation, sick leave, short term disability, and family care responsibilities
  • access to our Employee Assistance Program
  • incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans)
  • eligibility for certain tax advantaged savings plans
  • inclusive development opportunities
  • flexible work-life support
  • paid volunteer days
  • vibrant employee networks
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service