Security Content Developers/Researcher - Threat Modeling (Contract)

Toronto, REMOTE

Security Compass

Security Compass is a cybersecurity company that offers professional advisory services, training, and balanced development through SD Elements. We help to eliminate security vulnerabilities in mission-critical applications so that regulatory...


Are you looking to make a real, meaningful impact on the global state of information security?
Join us as a Security Content Developer to help address security issues at the source—insecure
software.

You will have the opportunity to positively impact nearly every part of the world's digital
infrastructure by helping shape secure software development for our clients who include the
world's largest financial services, software, healthcare, telecom, technology, media, and
industrial control system companies.

We are looking for experts in various domains of IT security, with extensive knowledge of
software security issues such as those outlined in CVEs, CWEs and the OWASP Top 10, and their
corresponding counter-measures. Along with expertise, we are looking for a passionate
candidate to develop clear security training courses, security requirements, procedures, and
guidelines for developers and practitioners.

Specific responsibilities include:
● Identifying and specifying the most commonly used frameworks and technologies within
a specific domain
● Researching and defining broad threats and vulnerabilities for the identified
technologies, frameworks, and programming languages
● Identifying security requirements, pinpointing security threats and potential vulnerabilities,
quantifying threat and vulnerability criticality, and prioritizing remediation methods
● Writing content on how to implement defensive controls/requirements to address
those problems
● Writing detailed procedures and code samples to demonstrate vulnerabilities and how
counter-measures are implemented for that framework or technology
● Updating existing content based on the newer versions of frameworks and technologies
● Staying aware of recent breaches and security news and adding them to the course
script if needed

Required Skills & Experience

● Familiarity with the specified domains of IT, and ability to identify the most common
practices and important frameworks.
● Familiarity with security requirements, and ability to pinpoint security threats and potential
vulnerabilities within the most commonly used frameworks and technologies.
● Good knowledge of threat modeling methodologies such as STRIDE and PASTA, and
familiarity with common attack pattern databases such as CAPEC and ATT&CK.
● Understanding of threat severity and of prioritizing remediation methods.
● Hands-on experience with some threat modeling tools.
● Able to write the steps for secure configuration, implementation and
deployment for Developer, DevOps and Ops Engineer audiences.
● Strong written communication skills and desire to write crisply and in an
easy-to-understand way.
● The candidate should be able to write clear how-to’s and guidelines.

 

Why Security Compass? 

  • Meaningful Work.  We contribute towards making technology in the world more secure and our vision is one of a world where we can trust technology.
  • Trust.  It’s important to us that you trust those you work with and are empowered to be yourself. To build this trust and transparency, we encourage open, respectful communication. 
  • Innovation.  We encourage you to explore ideas and test new theories, both in your work and your passion projects. We encourage disruptive thinking. You’ll be able to spend 10% of your time working on a side-project of your choosing. 
  • Growth.  We make your growth and learning a priority by allocating all our employees with a dedicated learning & growth budget. We give our team members tools and support to be the drivers of their careers and encourage knowledge sharing.
  • Life-Work Integration.  We create an environment where you can integrate your work with life in a way that makes sense for you with our hybrid or remote working model, flexible work hours, and unlimited vacation!
  • Fun.  We could not have good culture without good fun, and we don’t underestimate its importance. Our casual atmosphere promotes camaraderie, fun and helps bring people together. 
  • Embracing Diversity, Inclusion and Equity.  We speak up for inclusion and celebrate diversity in thought. Our goal is to create a safe, equitable workplace where everyone feels like they belong.




Security Compass is proud to be an Equal Opportunity employer. Diversity is our differentiator and all qualified applicants will be considered without regard to race, ethnicity, color, religion, creed, gender, pregnancy, sex, sexual orientation, gender identity, national origin, age, genetic information, military and veteran status, marital status, medical condition, disability, or any other legally protected basis, in a manner consistent with the requirements of applicable state and Federal law. Should you require accommodation for a disability, special need and/or religious reason, please inform hr@securitycompass.com so that an inclusive and barrier free process can be provided to all applicants throughout the application process. All information provided will be addressed confidentially. Learn more about your equal employment opportunity rights here.


Tags: DevOps Industrial OWASP Vulnerabilities

Perks/benefits: Career development Equity Flex hours Flex vacation Startup environment Unlimited paid time off

Regions: Remote/Anywhere North America
Country: Canada