Share this Job

Senior Threat Modeler

Apply now »

Date Posted: Jul 18, 2022

Location(s): Cary, NC, US, 27513

Company: MetLife

Job Location: Cary, NC (hybrid)

 

Role Value Proposition: 

The mission of MetLife’s Global Application Security team is to protect application assets and business reputation while fostering a culture of secure-by-design in partnership with global stakeholders to safeguard MetLife and customer sensitive data.​ This is a hands-on technical opportunity within our core application security testing and engineering team. You will champion our established threat modeling practices across all lines of business and consult directly with software developers, systems architects, and program managers to create threat models for Cloud-native applications, mobile applications, API services, and legacy systems.

 

Essential Knowledge and Skills:

Required:

  • Bachelor’s degree in Computer Science, Cybersecurity, or Systems Security Engineering.
  • 8-10 years’ experience leading application threat modeling activities.
  • Exceptional performance record in delivering application centric threat models.
  • Applied knowledge of modern threat modeling concepts, tools, and techniques.
  • Ability to apply the MITRE CAPEC and ATT&CK to threat modeling.
  • In-depth practical understanding and application of IETF, OASIS, and NIST standards.
  • Experience analyzing software architecture internals and component integrations.
  • Applied understanding of INCOSE and NIST system security engineering principles.
  • Practical experience in the review of Cloud infrastructure-as-code deployments.
  • Working knowledge of cryptographic algorithms and opportunities for modernization.
  • Strong technical acumen, writing and communication skills.
  • Self-motivated with a strong propensity to constantly learn and impart knowledge.
  • Ability to maintain awareness of emerging application security threats, especially those targeting the financial services industry.

 

Preferred:

  • CSSLP professional certification or CSP certification from AWS, Microsoft, or Google.
  • Ability to perform secure code reviews for Java, .NET, COBOL, Python, and/or JavaScript.
  • Experience with Open-Source threat modeling tools and defect tracking systems.
  • Experience with DevSecOps, Agile, and the ability to code security test automation.

 

Business Category

Information Security, Application Security

 

At MetLife, we’re leading the global transformation of an industry we’ve long defined. United in purpose, diverse in perspective, we’re dedicated to making a difference in the lives of our customers.”

 

#LI-WRAPJOB

 

MetLife:

MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies, providing insurance, annuities, employee benefits and asset management to help its individual and institutional customers navigate their changing world. Founded in 1868, MetLife has operations in more than 40 countries and holds leading market positions in the United States, Japan, Latin America, Asia, Europe and the Middle East.

 

We are one of the largest institutional investors in the U.S. with $642.4 billion of total assets under management as of March 31, 2021. We are ranked #46 on the Fortune 500 list for 2021. In 2020, we were named to the Dow Jones Sustainability Index (DJSI) for the fifth year in a row. DJSI is a global index to track the leading sustainability-driven companies. We are proud to have been named to Fortune magazine's 2021 list of the "World's Most Admired Companies." 

       

MetLife is committed to building a purpose-driven and inclusive culture that energizes our people. Our employees work every day to help build a more confident future for people around the world.

 

We want to make it simple for all interested and qualified candidates to apply for employment opportunities with MetLife.  For further information about how to request a reasonable accommodation, please click on the Disability Accommodations link below.

 

MetLife is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at MetLife without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

 

MetLife maintains a drug-free workplace.

 

Requisition #: 127120

 


Nearest Major Market: Raleigh