We are looking for a Threat Modeler. You will be responsible for supporting threat modeling activities across enterprise applications, cloud platforms, APIs, and emerging technologies. Working closely with architects, engineers, developers, and cybersecurity teams, you will help identify security risks early in the technology lifecycle and contribute to secure-by-design initiatives across the organization.
Why This Role Is Important To Us
The team you will be joining is part of the Security Architecture organization, a function that is critical to safeguarding the firm's applications, cloud environments, data, and technology services. Threat modeling enables the organization to proactively identify security weaknesses, reduce cyber risk, and incorporate security requirements into technology solutions before they are deployed.
What You Will Be Responsible For
As a Threat Modeler, you will:
Participate in threat modeling assessments for applications, APIs, cloud platforms, and technology initiatives.
Analyze application architectures, data flows, trust boundaries, and cloud deployments to identify potential threats and security weaknesses.
Contribute to threat modeling standards, reusable patterns, documentation, and security awareness initiatives.
These skills will help you succeed in this role:
Understanding of modern architectures including APIs, microservices, containers, and cloud-native technologies.
Education & Preferred Qualifications
Degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline.
12 years or more of experience in application security, cloud security, cybersecurity architecture, threat modeling, or related technology disciplines, with at least 5 years of hands-on cybersecurity experience preferred.
Familiarity with threat modeling methodologies such as STRIDE, MITRE ATT&CK, attack trees, or similar security assessment techniques.
Understanding of secure software development practices, OWASP Top 10, API security, and cloud security fundamentals.
Experience with AWS, Azure, and/or Google Cloud platforms is preferred.
Knowledge of AI security is an added advantage
Knowledge of DevSecOps, CI/CD pipelines, containers, Kubernetes, or modern application architectures is desirable.
Security certifications such as Security+, SSCP, CCSK, AWS Cloud Practitioner, Azure Fundamentals, or equivalent certifications are a plus.
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.
As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers
Read our CEO Statement