Security Content Developers/Researcher - Threat Modeling (Contract)
Toronto, REMOTE
Applications have closed
Security Compass
Security Compass is a cybersecurity company that offers professional advisory services, training, and balanced development through SD Elements. We help to eliminate security vulnerabilities in mission-critical applications so that regulatory...
Are you looking to make a real, meaningful impact on the global state of information security?
Join us as a Security Content Developer to help address security issues at the source—insecure
software.
You will have the opportunity to positively impact nearly every part of the world's digital
infrastructure by helping shape secure software development for our clients who include the
world's largest financial services, software, healthcare, telecom, technology, media, and
industrial control system companies.
We are looking for experts in various domains of IT security, with extensive knowledge of
software security issues such as those outlined in CVEs, CWEs and the OWASP Top 10 and their
corresponding counter-measures. Along with expertise, we are looking for a passionate
candidate to develop clear security training courses, security requirements, procedures, and
guidelines for developers and practitioners.
Specific responsibilities include:
● Identifying and specifying the most commonly used frameworks and technologies within
a specific domain
● Researching and defining broad threats and vulnerabilities for the identified
technologies, frameworks, and programming languages
● Identifying security requirements, pinpointing security threats and potential vulnerabilities,
quantifying threat and vulnerability criticality, and prioritizing remediation methods
● Writing content on how to implement defensive controls/requirements to address
those problems
● Writing detailed procedures and code samples to demonstrate vulnerabilities and how
counter-measures are implemented for that framework or technology
● Updating existing content based on the newer versions of frameworks and technologies
● Staying aware of recent breaches and security news and adding them to the course
script if needed
Required Skills & Experience
● Familiarity with the specified domains of IT, and the ability to identify the most common
practices and important frameworks.
● Familiarity with security requirements, and the ability to pinpoint security threats and potential
vulnerabilities within the most commonly used frameworks and technologies.
● Good knowledge of threat modeling methodologies such as STRIDE and PASTA, and
familiarity with common attack pattern databases such as CAPEC and ATT&CK.
● Understanding threat severity and prioritizing remediation methods.
● Hands-on experience with some threat modeling tools.
● Able to write the steps for secure configuration, implementation and
deployment for Developer, DevOps and Ops Engineer audiences.
● Strong written communication skills and a desire to write crisply and in an easy-to-understand
way.
● The candidate should be able to write clear how-tos and guidelines.
Why Security Compass?
- Meaningful Work. We contribute towards making technology in the world more secure and our vision is one of a world where we can trust technology.
- Trust. It’s important to us that you trust those you work with and are empowered to be yourself. To build this trust and transparency, we encourage open, respectful communication.
- Innovation. We encourage you to explore ideas and test new theories, both in your work and your passion projects. We encourage disruptive thinking. You’ll be able to spend 10% of your time working on a side-project of your choosing.
- Growth. We make your growth and learning a priority by allocating all our employees a dedicated learning & growth budget. We give our team members tools and support to be the drivers of their careers and encourage knowledge sharing.
- Life-Work Integration. We create an environment where you can integrate your work with life in a way that makes sense for you with our hybrid or remote working model, flexible work hours, and unlimited vacation!
- Fun. We could not have good culture without good fun, and we don’t underestimate its importance. Our casual atmosphere promotes camaraderie, fun and helps bring people together.
- Embracing Diversity, Inclusion and Equity. We speak up for inclusion and celebrate diversity in thought. Our goal is to create a safe, equitable workplace where everyone feels like they belong.
Security Compass is proud to be an Equal Opportunity employer. Diversity is our differentiator and all qualified applicants will be considered without regard to race, ethnicity, color, religion, creed, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, military and veteran status, marital status, medical condition, disability, or any other legally protected basis, in a manner consistent with the requirements of applicable state and Federal law. Should you require accommodation for a disability, special need and/or religious reason, please inform hr@securitycompass.com so that an inclusive and barrier-free process can be provided to all applicants throughout the application process. All information provided will be addressed confidentially.
Perks/benefits: Career development Equity Flex hours Flex vacation Startup environment Unlimited paid time off