New York Technology Partners is seeking a Senior Threat Modeling Engineer to support secure cloud architecture initiatives with a focus on AWS environments. The role involves conducting security architecture reviews, proactive threat identification, and collaborating with various teams to embed security into system design and delivery.
Responsibilities:
- Perform structured threat modeling using recognized methodologies and frameworks
- Analyze AWS architectures and cloud services to identify vulnerabilities, attack paths, and security gaps
- Recommend mitigation strategies and compensating controls aligned to security best practices
- Conduct architecture and design reviews for applications, APIs, and infrastructure
- Track identified threats through their lifecycle and ensure remediation or risk acceptance is properly documented
- Produce clear documentation including threat models, data flow diagrams, and risk assessments
- Provide feedback to improve internal threat modeling standards, processes, and tooling
- Collaborate with engineering and DevOps teams to integrate security into the SDLC and CI/CD pipelines
- Present findings, risks, and remediation plans to technical stakeholders and leadership
- Research emerging threats, cloud service changes, and evolving attack techniques
Requirements:
- 8+ years of overall technology experience, including 5+ years in cybersecurity or application/cloud security
- Strong hands-on experience securing AWS environments (required)
- Deep understanding of security architecture principles and secure design patterns
- Experience with threat modeling methodologies such as MITRE ATT&CK, STRIDE, or PASTA
- Knowledge of authentication, authorization, encryption, network segmentation, logging, and monitoring
- Familiarity with cloud security frameworks and best practices
- Experience reviewing technical architectures and system designs
- Ability to identify vulnerabilities using OWASP Top 10 and CWE classifications
- Understanding of SDLC, CI/CD pipelines, and DevOps practices
- Experience with REST APIs and API security concepts
- Familiarity with infrastructure-as-code tools (Terraform, CloudFormation)
- Working knowledge of scripting or automation
- Experience using ticketing or tracking tools (e.g., Jira)
- Strong documentation, analytical, and problem-solving skills
- Excellent communication and cross-functional collaboration skills
- AWS certifications (e.g., Security Specialty, Solutions Architect) strongly preferred
- Security certifications such as CISSP, CCSP, CISM, or CISA
- Knowledge of standards and frameworks (NIST, ISO 27001, Cloud Security Alliance)
- Experience in regulated or compliance-driven environments
- Familiarity with Docker, Kubernetes, serverless architectures, and Helm
- Exposure to GitOps workflows and Cloud Development Kit (CDK)
- Understanding of operating system hardening techniques
- Background in penetration testing or offensive security concepts
- Experience with platforms such as GitHub, Snowflake, MongoDB, Databricks, or Terraform Cloud
- Programming experience (Python or Node.js) is a plus