Experience in Information technology in Cyber security and in threat modelling.
Familiarity with one or more threat modelling methodologies (e.g. MITRE, STRIDE, PASTA, LINDDUN, CVSS, Attack Trees, Security Cards, hTMM, Qunatitative Threat Modelling Method, VAST Modelling, OCTAVE);
Knowledge and practice of network attack simulation by means of tools such as: AttackIQ, Cymulate, Penterra, Safe Breach, Verodin (Mandiant Security Validation)
Knowledge of cybersecurity processes with reference to NIST CSF
Knowledge and practice about writing professional documents.
Critical thinking and problem-solving skills .
Certified on Microsoft Azure Security Technologies, AWS security speciality and ATT&CK for Cyber Threat Intelligence are preferred.
CISSP and CCSP certifications will be an added advantage.
Partner with stakeholders to learn and understand a wide variety of threat model subjects.
Responsible for building cyber threat models following the defined standards.
Responsible for writing and maintaining the documentation relating threat models and technical architecture of analyzed systems.
Responsible to execute cyber-attack simulations applying the defined methodologies and practices.
Advise and enable informed decisions using clear language, purpose, and fact.
Deliver learning opportunities relevant to stakeholders.
Define the scope of depth of analysis for threat modelling.
Gain a visual understanding of what you are threat modelling.
Creating a component diagram with a control flow graph (which shows all possible execution paths in a program).