Threat Modelling - Security Engineer

Experience: 2-8 years

What You’ll Do:

As a Threat Modelling Security Engineer, you will be responsible for identifying potential security threats and vulnerabilities in software applications and systems. Your primary focus will be on analyzing these threats, assessing their potential impact, and devising strategies to mitigate or eliminate them. You will collaborate closely with cross-functional teams including developers, architects, and system administrators to ensure that security measures are integrated throughout the development lifecycle.

• Conduct comprehensive analysis to identify potential security threats and vulnerabilities in software applications, networks, and systems.
• Evaluate the potential impact of identified threats and vulnerabilities on the confidentiality, integrity, and availability of systems and data.
• Develop threat models that outline potential attack vectors and scenarios, considering both internal and external threats.
• Collaborate with development teams to devise effective strategies for mitigating identified threats and vulnerabilities, including the implementation of security controls and best practices.
• Conduct security reviews of software designs, architectures, and implementations to ensure compliance with security requirements and industry standards.
• Document threat models, risk assessments, and mitigation strategies to facilitate communication and knowledge sharing across teams.
• Provide guidance and training to development teams on security best practices, secure coding techniques, and threat mitigation strategies.
• Assist in incident response activities, including analyzing security incidents, identifying root causes, and recommending remediation measures.
• Stay updated on emerging security threats, vulnerabilities, and technologies, and proactively research and recommend innovative solutions to enhance security posture.

What you need to have?

• Good Experience in Security of Threat Modelling Framework like STRIDE, PASTA,TRIKE
• Good Experience in Privacy of Threat Modelling Framework like LINDDUN
• A strong understanding of threat modelling, threat monitoring, threat remediation, threat mitigation:
  • Known threats
  • Emergent threats (0-Days)
  • Threats against development processes/lifecycles/people/infrastructure
  • Threats against supply chains
  • Threats targeting technology stacks
• Proactively report on progress, risks, and issues
• A strong understanding of existing and emerging Security, Compliance and Threat information and automation standards, and how they are related/ may work together.
  • MITRE ATT and CK, ATLAS, System of Trust, RiskMap.
  • NIST Security Content Automation Protocol (SCAP), InSpec.
  • CISA Guidance (Kubernetes Hardening).
  • CIS Benchmarks.
  • UCF Compliance Mappings.
• In-depth knowledge of security architecture design and best practices, including secure design patterns, access control, and data protection
• Knowledge of cloud security frameworks (e.g., AWS Well-Architected Framework, Azure Security Benchmark) to assess and improve security measures.
• Ability to conduct risk assessments to evaluate the potential impact and likelihood of security risks and provide risk mitigation strategies.
• Familiarity with security testing tools like vulnerability scanners, penetration testing tools, and code analysis tools.
• Understanding of network and system architecture, protocols, and configurations to assess security at the infrastructure level.
• Experience and expertise in confidential computing technologies, employed as controls in operational security architectures and existing compliance attestations.

Who We Are: Home(m2pfintech.com)

Founded in the year 2014 and headquartered in Chennai, M2P Fintech is Asia’s largest API infrastructure company offering a wide gamut of services that enable businesses of any scale to embed financial services.

M2P Fintech is an omni-channel platform that operates in over 20 markets across the Asia Pacific, MENA, and Oceania regions. M2P works with over 100+ banks, 100+ NBFCs, and has clocked over 600+ Fintech engagements across various industries serving over 35 million end users.

M2P pioneers in next-gen fintech through innovative offerings across the payments, lending, and banking ecosystem. Our comprehensive tech-stack powers the core banking system, core lending suite, BNPL, customized credit cards, prepaid cards, and much more.

M2P is backed by reputed investors – fintech industry veterans (such as Amrish Rau – PayU, Kunal Shah – CRED, Jitendra Gupta – Jupiter, etc) as well as reputed international venture capital funds (such as Insight Partners, MUFG, Tiger Global, Beenext, Flourish Ventures and Omidyar Network).

Why Join Us:

We are a Fun bunch to be with..!

1. People First Culture
2. People Friendly Guidelines
3. Equal Opportunity Organization
4. Better Half Program
5. Buddy Referral Program
6. Health & Wellness Programs
7. Comprehensive Medical Insurance for dependents including parents
8. Tax Saving Structure
9. ESOPs
10. Sports Clubs & Fun Committees
11. Office Libraries
12. Snack Pantries