BMO
Cyber Security Consultant – Application Security Threat Modeling
As a Cyber Security Consultant, you will be part of the Application Security Risk Assessments team within Cyber Security. The Application Security Risk Assessment team performs Threat Modelling of applications and technology designs to identify threats early in BMO Financial Group’s SDLC and risk management process. You will have an opportunity to take a collaborative approach in maturing threat modeling practices, identify relevant security threats and flaws, help colleagues continuously improve security practices, and enable business objectives.
What you will do:
- Be integral in continuously maturing the threat modeling practices and application security risk assessment program.
- Ensure security threats and countermeasures are identified in projects/initiatives as part of the SDLC process.
- Maintain an understanding of available security design patterns, their applicability to given initiatives, and identify gaps that require improvement opportunities.
- Produce high-quality threat modeling artifacts and track assessments and remediation activities in issue management platforms and/or designated repositories.
- Continuously keep apprised of business technology practices and relevant threats, both current and emerging, and work with the Security Architect to identify appropriate controls.
- Be an advocate for Cybersecurity company standards and industry best practices.
- Help build and improve threat libraries and controls, and standardize on threat modeling practices.
- Collaborate with the larger Security Assessment and Testing group in socializing threats identified in technology projects as part of overall risk analysis.
- Keep abreast of new technology trends and associated risks in application development practices, frameworks, cloud services, modern data store platforms, etc., and apply this knowledge during threat modeling exercises.
Skills and Experience we are looking for:
- Competent level working knowledge in Threat Modeling methodologies (e.g., Attack Trees, MSTM/STRIDE, PASTA) or performing Architecture Risk Analysis.
- Working experience in Agile methodologies.
- Knowledge of DevOps practices and ability to champion a security-first, DevSecOps culture.
- Ability to decompose applications and system designs in hybrid cloud architectures to identify potential threats.
- Proficient communication and negotiation skills, both verbal and written.
- Empathetic and eager to solve problems, driven to continuously learn new skills, and always maintains a high level of integrity.
- Prior experience in software development (e.g., Java, JS, Python) is preferred.
- Prior experience in 2 or more other security domains, e.g., ethical hacking, cloud security, network security, platform security, risk management is preferred.
- Typically, 2-3 years of relevant experience and a post-secondary degree in Computer Science, Engineering, or Information Systems or a related field of study or an equivalent combination of education.
Application Deadline: 04/29/2025
Address: 4100 Gordon Baker Road
Job Family Group: Technology
Salary: $65,400.00 – $121,800.00
Pay Type: Salaried
The above represents BMO Financial Group’s pay range and type. Salaries will vary based on factors such as location, skills, experience, education, and qualifications for the role, and may include a commission structure. BMO Financial Group’s total compensation package will vary based on the pay type of the position and may include performance-based incentives, discretionary bonuses, as well as other perks and rewards.
About Us: At BMO, we are driven by a shared Purpose: Boldly Grow the Good in business and life. It calls on us to create lasting, positive change for our customers, our communities, and our people.
BMO is committed to an inclusive, equitable, and accessible workplace. By learning from each other’s differences, we gain strength through our people and our perspectives. Accommodations are available on request for candidates taking part in all aspects of the selection process. To request accommodation, please contact your recruiter.
#J-18808-Ljbffr
