Senior Threat Modeler - NJ, NC, OH, TX
Description:
Systems Architect 3 – Threat Modeler (Contingent)
Client: Financial Services
Location: Charlotte, NC, Irving, TX, Raleigh, NC, Columbus, OH, Iselin, NJ (Preferred)
Work Arrangement: Hybrid – 3 days onsite / 2 days remote. Preferred onsite days: Wednesday & Thursday. If located in DFW: 7:00 AM – 4:00 PM required. Standard shift: 8:00 AM – 5:00 PM (Mon–Fri). Fully remote not permitted.
Contract Length: 12mo
Contingent Assignment (Conversion Eligible)
Pay Rate: $61 - $65
Top Requirements:
6+ years of experience building, designing, or operating enterprise systems, including application development, platform engineering, or systems architecture.
Demonstrated ability to decompose complex distributed systems and reason about behavior, dependencies, and trust boundaries.
2+ years of experience in security or threat modeling, including applying structured methodologies (STRIDE, PASTA, VAST).
Experience using threat modeling tools (ThreatModeler, OWASP Threat Dragon, Microsoft Threat Modeling Tool).
Strong ability to analyze risk, prioritize threats, and recommend practical mitigations at the architectural level.
Excellent communication and facilitation skills with the ability to engage senior engineers and architects.
Strong attention to detail and ability to manage multiple concurrent threat models.
Plusses:
Experience leading architecture risk reviews or enterprise threat modeling initiatives.
Experience with cloud-native, distributed, or event-driven architectures.
Exposure to emerging technologies such as GenAI systems.
Experience with Threat Modeling as Code (TaaC) or automation-driven modeling approaches.
Security or cloud certifications (CISSP, CCSP, AWS/Azure/GCP certifications).
Scripting experience (e.g., Python) to support analysis and tooling integration.
Job Summary: The Systems Architect 3 – Threat Modeler performs deep, architecture-driven threat modeling for enterprise applications, services, and platforms. This role focuses on decomposing complex systems, identifying realistic attack paths, and driving risk-informed mitigation strategies. The position blends strong systems architecture expertise with applied security knowledge, emphasizing human judgment, prioritization, and adversarial thinking while leveraging enterprise threat modeling tools and methodologies.
Day-to-Day Responsibilities:
Engage directly with engineering teams to understand real-world system architectures, dependencies, and trust boundaries.
Decompose complex systems into components, data flows, and trust boundaries for analysis.
Develop and maintain threat models using enterprise-standard tooling (ThreatModeler).
Identify, assess, and prioritize risks using structured threat modeling methodologies and expert judgment.
Evaluate threats for realistic exploitability vs. theoretical exposure.
Review architecture, configurations, and code to validate mitigation controls.
Recommend pragmatic, risk-based mitigations, prioritizing architectural improvements.
Produce clear, audit-defensible documentation and reports.
Present findings to engineering teams, leadership, and audit stakeholders.
Collaborate with cybersecurity and platform teams to evolve control patterns and standards.
Manage multiple concurrent threat modeling engagements within delivery timelines.