Senior Analyst – Cyber Threat Modeling and Risk
Canada
Full Time
1 hour ago
No Sponsorship
Key skills
CloudCyber SecurityCI/CDCommunicationCollaborationOWASP
About this role
Role Overview
- Provide security advisory support to technology and business teams under supervision.
- Help conduct threat modeling and security assessments for applications and infrastructure.
- Review solution designs with senior analysts and SMEs to identify threats, attack paths, and risks.
- Document outputs like data flow and architecture diagrams, along with basic threat scenarios.
- Assist in tracking and addressing design flaws and security findings from threat modeling.
- Support onboarding of security services (e.g., MFA, logging, vulnerability scanning) guided by senior team members.
- Keep accurate records in risk tracking repositories.
- Aid continuous improvement of threat modeling processes, templates, and documentation.
- Build foundational knowledge of the organization’s enterprise security frameworks, policies, and standards.
- Review solution designs for risk and threat assessment.
- Record risks, threat scenarios, and control gaps in tracking tools.
- Track remediation actions and assist risk discussions with stakeholders.
- Build knowledge of cyber security controls and their technology applications.
Requirements
- A college diploma or university degree in Computer Science, Information Technology, Cyber Security, or a related discipline is required.
- 2–3 years of experience in information security, IT risk, or technology roles is preferred.
- Foundational understanding of threat modeling concepts or methodologies; practical experience is an asset.
- Basic understanding of application security principles and common vulnerabilities (e.g., OWASP Top 10).
- Exposure to cloud and hybrid environments is an asset.
- Ability to support IT security risk assessments and document findings clearly.
- Familiarity with security diagrams and documentation such as data flow diagrams and architecture diagrams.
- Understanding of APIs, CI/CD pipelines, or secure software development practices is an asset.
- Strong communication, documentation, and collaboration skills.
- Interest in pursuing security certifications (e.g., Security+, CCSP, CISSP in future) is an asset.
Tech Stack
- Cloud
- Cyber Security
Benefits
- Competitive discretionary bonus
- Market leading RRSP match program
- Medical, dental, vision, life, and disability benefits
- Employee Share Purchase Plan
- Maternity/Parental top-up while you care for your little one
- Generous vacation policy and personal days
- Virtual events to connect with your fellow colleagues
- Professional development and comprehensive Career Development program
- A fulfilling opportunity to join one of the top FinTechs and help create a new kind of banking experience