Cyber Security Consultant – Application Security Threat Modeling

at  BMO Financial Group

4100 Gordon Baker Road Toronto Ontario,M1W 3E8
As a Cyber Security Consultant, you will be part of Application Security Risk Assessments team within Cyber Security. The Application Security Risk Assessment team performs Threat Modelling of applications and technology designs to identify threats early in BMO Financial Group’s SDLC and risk management process. The Application Security Risk Assessment team is part of highly collaborative Cybersecurity and Technology organization. As a Cyber Security Consultant, you will have an opportunity to take collaborative approach in maturing threat modeling practices, identify relevant security threats and flaws, help colleagues continuously improve security practices and enable business objectives.

What you will do:

• Be integral in continuously maturing the threat modeling practices and application security risk assessment program.
• Be integral in ensuring security threats and countermeasures are identified in projects/initiatives as part of SDLC process.
• Maintain an understanding of available security design patterns, their applicability to given initiative and identify gaps that require improvement opportunities.
• Produce high quality threat modeling artifacts and follow through in tracking of assessments and remediation activities in issue management platform and/or designated repository.
• Continuously keep apprised of business technology practices and relevant threats, both current and emerging and work with Security Architect to identify appropriate controls.
• Be an advocate for Cybersecurity company standards and industry best practices.
• Help build, improve threat libraries and controls and standardize on threat modeling practices.
• Collaborate with larger Security Assessment and Testing group in socializing threats identified in technology projects as part of overall risk analysis.
• Keep abreast of new technology trends and associated risks in application development practices, frameworks, cloud services, modern data store platforms etc. and ability apply this knowledge and skills during threat modeling exercises.

Skills and Experience we are looking for:

• Competent level working knowledge in Threat Modeling methodologies (e.g., Attack Trees, MSTM/STRIDE, PASTA) or performing Architecture Risk Analysis.
• Working experience in Agile methodologies.
• Knowledge of DevOps practices and ability to champion security first, DevSecOps culture and practices.
• Ability to decompose applications and system designs in hybrid cloud architectures to identify potential threats.
• Proficient communication and negotiations skills, both verbal and written.
• Is empathetic and eager to solve problems, driven to continuously learn new skills, and always maintains high level of integrity.
• Prior experience in software development (e.g., Java, JS, Python) is preferred.
• Prior experience in 2 or more other security domains, e.g., ethical hacking, cloud security, network security, platform security, risk management is preferred.
• Typically, 2-3 years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education

ABOUT US

At BMO we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities and our people. By working together, innovating and pushing boundaries, we transform lives and businesses, and power economic growth around the world.
As a member of the BMO team you are valued, respected and heard, and you have more ways to grow and make an impact. We strive to help you make an impact from day one – for yourself and our customers. We’ll support you with the tools and resources you need to reach new milestones, as you help our customers reach theirs. From in-depth training and coaching, to manager support and network-building opportunities, we’ll help you gain valuable experience, and broaden your skillset.
To find out more visit us at https://jobs.bmo.com/ca/en
BMO is committed to an inclusive, equitable and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
Note to Recruiters: BMO does not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to BMO, directly or indirectly, will be considered BMO property. BMO will not pay a fee for any placement resulting from the receipt of an unsolicited resume. A recruiting agency must first have a valid, written and fully executed agency agreement contract for service to submit resumes

• Be integral in continuously maturing the threat modeling practices and application security risk assessment program.
• Be integral in ensuring security threats and countermeasures are identified in projects/initiatives as part of SDLC process.
• Maintain an understanding of available security design patterns, their applicability to given initiative and identify gaps that require improvement opportunities.
• Produce high quality threat modeling artifacts and follow through in tracking of assessments and remediation activities in issue management platform and/or designated repository.
• Continuously keep apprised of business technology practices and relevant threats, both current and emerging and work with Security Architect to identify appropriate controls.
• Be an advocate for Cybersecurity company standards and industry best practices.
• Help build, improve threat libraries and controls and standardize on threat modeling practices.
• Collaborate with larger Security Assessment and Testing group in socializing threats identified in technology projects as part of overall risk analysis.
• Keep abreast of new technology trends and associated risks in application development practices, frameworks, cloud services, modern data store platforms etc. and ability apply this knowledge and skills during threat modeling exercises