Senior Threat Modeler - NJ, NC, OH, TX

Systems Architect 3 – Threat Modeler (Contingent)

Client: Financial Services

Location: Charlotte, NC, Irving, TX, Raleigh, NC, Columbus, OH, Iselin, NJ (Preferred)

Work Arrangement: Hybrid – 3 days onsite / 2 days remote. Preferred onsite days: Wednesday & Thursday. If located in DFW: 7:00 AM – 4:00 PM required. Standard shift: 8:00 AM – 5:00 PM (Mon–Fri). Fully remote not permitted.

Contract Length: 12mo

Contingent Assignment (Conversion Eligible)

Pay Rate: $61 - $65

Top Requirements:

• 6+ years of experience building, designing, or operating enterprise systems, including application development, platform engineering, or systems architecture.
• Demonstrated ability to decompose complex distributed systems and reason about behavior, dependencies, and trust boundaries.
• 2+ years of experience in security or threat modeling, including applying structured methodologies (STRIDE, PASTA, VAST).
• Experience using threat modeling tools (ThreatModeler, OWASP Threat Dragon, Microsoft Threat Modeling Tool).
• Strong ability to analyze risk, prioritize threats, and recommend practical mitigations at the architectural level.
• Excellent communication and facilitation skills with the ability to engage senior engineers and architects.
• Strong attention to detail and ability to manage multiple concurrent threat models.

Plusses:

• Experience leading architecture risk reviews or enterprise threat modeling initiatives.
• Experience with cloud-native, distributed, or event-driven architectures.
• Exposure to emerging technologies such as GenAI systems.
• Experience with Threat Modeling as Code (TaaC) or automation-driven modeling approaches.
• Security or cloud certifications (CISSP, CCSP, AWS/Azure/GCP certifications).
• Scripting experience (e.g., Python) to support analysis and tooling integration.

Job Summary: The Systems Architect 3 – Threat Modeler performs deep, architecture-driven threat modeling for enterprise applications, services, and platforms. This role focuses on decomposing complex systems, identifying realistic attack paths, and driving risk-informed mitigation strategies. The position blends strong systems architecture expertise with applied security knowledge, emphasizing human judgment, prioritization, and adversarial thinking while leveraging enterprise threat modeling tools and methodologies.

Day-to-Day Responsibilities:

• Engage directly with engineering teams to understand real-world system architectures, dependencies, and trust boundaries.
• Decompose complex systems into components, data flows, and trust boundaries for analysis.
• Develop and maintain threat models using enterprise-standard tooling (ThreatModeler).
• Identify, assess, and prioritize risks using structured threat modeling methodologies and expert judgment.
• Evaluate threats for realistic exploitability vs. theoretical exposure.
• Review architecture, configurations, and code to validate mitigation controls.
• Recommend pragmatic, risk-based mitigations, prioritizing architectural improvements.
• Produce clear, audit-defensible documentation and reports.
• Present findings to engineering teams, leadership, and audit stakeholders.
• Collaborate with cybersecurity and platform teams to evolve control patterns and standards.
• Manage multiple concurrent threat modeling engagements within delivery timelines.