Senior Threat Modeller (Global Security)
RBC
Job Description
What is the opportunity?
Are you passionate about secure by design? Are you an experienced cyber security professional with an interest in threat modelling? Or are you a developer with a strong cyber security background? If you would like to work with other diverse cyber security and development teams to perform threat modelling at the scale of the entire RBC enterprise, we’ve got the role for you!
We are looking for an experienced Senior Threat Modeller who has a strong grasp of threat modelling and secure by design principles to help us continue and evolve threat modelling programs across the entirety of RBC and our subsidiaries. In this role, you will have the opportunity to work with a broad variety of stakeholders, drive impact through your work, continuously improve our threat modelling practices, and materially improve the cyber resilience of our organization.
What will you do?
Design and implement threat modelling practices that are low-friction, high-value, and scalable across the organization
Define and analyze potential threat scenarios to identify security gaps and assess associated risks
Develop and provide recommendations on threat mitigation or remediation
Deliver threat models for applications, systems, and architecture patterns
Perform code and architectural design reviews for internal and external software products
Conduct and facilitate threat modelling workshops with technical and business stakeholders
Design, develop, and implement tooling and processes to support threat modeling activities
Design, develop, and deliver security training and education programs for application developers, project managers, architects, and similar roles
Prioritize and track application security issues across the organization
Lead implementation efforts for security initiatives and resolutions resulting from internal and external assessments
Ensure that issues identified are appropriately prioritized and addressed in future product releases
Work with development teams to guarantee timely resolution of issues
Identify and provide application security recommendations during requirement and design reviews
Track open issues and follow up with different teams to address open issues.
Communicates technical information to a non-technical audience and non-technical information to a technical audience in a cross-site and cross-functional setting.
Enable application owners and developers to understand threats and appropriately prioritize security issues and mitigations
Must Have’s:
Minimum of a B.S. in Computer Science, MIS or related degree and 5 years of related experience in information security, development, software engineering or a combination of education, training and experience.
Expertise in threat modelling methodologies (e.g., STRIDE, DREAD, PASTA, etc.) and modern threat modelling tooling
Strong written and verbal communication skills with the ability to translate technical findings into business-oriented insights
Ability to analyze decompose and analyze complex application architectures
Strong understanding of networking and operating systems (Windows, MacOS, Linux, Unix)
Experience working with waterfall, agile, agile variants, and hybrid methodologies of software development
Understanding of modern, cloud centric architectures and DevOps principles
A strong understanding of offensive security tactics, techniques, and procedures
Nice-to-Have’s:
Certifications in the Cyber Security domain
Experience with designing and delivering training programs for a technical audience
Previous Big 4 consulting experience
Prior experience in banking/ financial services industry
Computer Information Systems Security Professional (CISSP) certification or the ability to obtain within six (6) months
What’s in it for you?
We thrive on the challenge to be our best, progressive thinking to keep growing and working together to deliver trusted advice to help our clients thrive and communities prosper. We care about each other, reaching our potential, making a difference in our communities, and achieving mutual success
A comprehensive Total Rewards Program including bonuses and flexible benefits, competitive compensation, commissions, and stock where applicable.
Dedicated budget for annual training and conference attendance
Leaders who support your development through coaching, training, and managing opportunities.
Ability to make a difference and lasting impact.
Work in a dynamic, collaborative, progressive, and high-performing team.
Opportunities to do challenging work.
Opportunities to take on progressively greater accountabilities.
Opportunities to build close relationships with various cyber security teams.
#Ll-POST
#TECHPJ
Job Skills
Application Security, Application Security Architecture, Confidentiality, Cybersecurity, Cyber Security Management, Decision Making, Detail-Oriented, Encryption Software, Group Problem Solving, High Impact Communication, Information Security, Information Security Management, Information Technology Security, Security Architecture Design, Security Architecture Review, Software Development Life Cycle (SDLC), Strategic Thinking, Threat ModelingAdditional Job Details
Address:
City:
Country:
Work hours/week:
Employment Type:
Platform:
Job Type:
Pay Type:
Posted Date:
Application Deadline:
Note: Applications will be accepted until 11:59 PM on the day prior to the application deadline date above
Inclusion and Equal Opportunity Employment
At RBC, we believe an inclusive workplace that has diverse perspectives is core to our continued growth as one of the largest and most successful banks in the world. Maintaining a workplace where our employees feel supported to perform at their best, effectively collaborate, drive innovation, and grow professionally helps to bring our Purpose to life and create value for our clients and communities. RBC strives to deliver this through policies and programs intended to foster a workplace based on respect, belonging and opportunity for all.
Join our Talent Community
Stay in-the-know about great career opportunities at RBC. Sign up and get customized info on our latest jobs, career tips and Recruitment events that matter to you.
Expand your limits and create a new future together at RBC. Find out how we use our passion and drive to enhance the well-being of our clients and communities at jobs.rbc.com.
RBC is presently inviting candidates to apply for this existing vacancy. Applying to this posting allows you to express your interest in this current career opportunity at RBC. Qualified applicants may be contacted to review their resume in more detail.