Senior Security Advisor at Intact, performing threat modelling and collaborating with cross-functional teams on security solutions. Requires extensive IT experience and security expertise.
Responsibilities
Perform structured threat modelling (e.g., STRIDE, MITRE ATT&CK, kill chain, attack trees, misuse/abuse cases) for applications, systems, and architecture patterns.
Work with data flow diagrams (DFDs), and architecture diagrams for new and existing systems.
Identify assets, trust boundaries, entry points, and potential attack paths.
Assess the likelihood and impact of identified threats, and assign inherent and residual risk ratings.
Translate threat modelling outcomes into clear security requirements and recommended controls.
Document control gaps and track remediation activities through to closure.
Collaborate with product, architect, developers, and engineers to support solution design by reviewing proposed architectures, patterns, and design decisions for security implications and providing recommendations.
Work with stakeholders to integrate threat modelling into product development workflows (e.g., SDLC, Agile, project delivery) across the organization.
Participate in secure code reviews to support security requirements and threat mitigations.
Plan and facilitate threat modelling workshops.
Communicate complex technical risks in clear, business-relevant language to both technical and non-technical stakeholders.
Contribute to the development and continuous improvement of threat modelling methodologies, templates, and tooling.
Support incident response and post-incident reviews by mapping exploited paths back to threat models and identifying improvements.
Maintain an up-to-date understanding of the threat landscape, including tactics, techniques, and procedures (TTPs), including those relevant to AI-related technologies.
Apply the Maestro framework (or similar) to structure and standardize threat modelling activities for use cases involving AI agents.
Requirements
Bachelor’s degree in computer science, or any combination of equivalent education and experience
Minimum ten (10) years of experience in information technology, including at least five (5) years in information security, with demonstrated experience in one or more of the following areas: application/cloud security, security architecture, threat modelling or risk assessment, threat intel, incident response, SOC, SIEM, vulnerability management, and red teaming or penetration testing
Strong knowledge of information security management principles and practices
Strong ethical principles and understanding of business and information security ethics
Good knowledge of common security vulnerabilities of web and cloud applications and operating techniques from sources such as SANS, OWASP Top 10 and Cloud Security Alliance (CSA)
Relevant certifications include (but are not limited to): CISSP, CISA, CISM, CGEIT, CRISC, GSEC, GISP, CCSP, SSCP, CSSLP, OSCP, SABSA, CEH, GCIH, GCTI, GCFE
Excellent oral and written communication skills – Need to interact on a regular basis with colleagues across the country
Positive attitude, team spirit and eagerness to learn
Critical mind
Experience working in a Security Operations Centre
Master the digital investigation concepts such as the chain of custody and the digital evidence
Demonstrated commitment to training, self-learning and maintaining proficiency in the technical cybersecurity domain
Experience with threat modelling tools is an asset (e.g., Microsoft Threat Modeling Tool, IriusRisk, Threat Dragon, in-house tools)
Experience working with diagramming tools is an asset (e.g., draw.io , Lucidchart, Visio) or code-based diagrams (e.g., PlantUML)
Proficiency in English is required; fluency in French is a plus.
No Canadian work experience required however must be eligible to work in Canada.
Benefits
Flexible work arrangements and a hybrid work model
Possibility to purchase up to 5 extra days off per year
Multiple benefits offered to support physical and mental wellbeing, including telemedicine, Wellness account and much more
Share plan & other savings: up to 12% of salary or even more (ask how you could earn guaranteed income for life)
Head of Infrastructure & Security responsible for cloud infrastructure on GCP and security programs. Leading SaaS development and technical teams at Rebus and Longbow Advantage.
Information Security Lead responsible for managing security programs at Dentons Canada. Overseeing security architecture, operations, incident response, and data protection initiatives.
Cybersecurity expert overseeing information defense, threat detection, and incident response at Investissement Québec. Leading security operations and leveraging AI for effective asset protection.
Lead cybersecurity initiatives and develop strategy for public broadcaster CBC/Radio - Canada. Shape technology road map, collaborate on enterprise architecture, and ensure policy compliance.
Senior Product Security Consultant at CENSUS LABS evaluating software security and threats. Responsible for validating security compliance and reporting on risks in complex systems.
Container Security Consultant needed for 12 - month contract with enterprise bank in Toronto. Must have strong container security experience with OpenShift, Docker, Kubernetes.
Technical Program Manager managing security programs aligned with security strategy at Guidewire. Collaborating with various stakeholders to enhance security maturity and efficiency.
Senior IT Architect specialized in Security & Networking infrastructure technologies leading architecture development for technology projects. Collaborating with multiple teams to ensure alignment with strategic objectives.
Director of IT Security leading the cybersecurity strategy for a remote workforce at Directive Consulting. Responsible for risk management, incident response, and compliance initiatives.