Threat Modeling & Security Testing Specialist
Contract
Role Overview
We are seeking a Threat Modeling & Security Testing Specialist to provide advisory and execution support for proactive threat identification, structured threat modeling, and security testing. This role helps clients identify attack paths, validate control effectiveness, document security weaknesses, and provide actionable recommendations to reduce risk across applications, platforms, infrastructure, and enterprise technology environments.
Key Responsibilities
- Conduct structured threat modeling exercises for applications, platforms, infrastructure environments, and related systems.
- Apply threat modeling methods such as STRIDE, MITRE ATT&CK, or similar frameworks to identify likely threats, weaknesses, and attack paths.
- Execute and support security testing activities to validate security control effectiveness.
- Simulate attacker scenarios to identify exploitation paths, control gaps, and potential risk exposures.
- Assess application and infrastructure security controls for design weaknesses, implementation gaps, and exploitable conditions.
- Document threat scenarios, findings, testing results, security weaknesses, and recommended mitigation actions.
- Collaborate with engineering, infrastructure, application, and security teams to advise on remediation strategies.
- Support continuous improvement of threat modeling methods, testing procedures, security testing playbooks, and advisory deliverables.
- Communicate findings and recommendations clearly to technical and non-technical stakeholders.
Required Qualifications
- 5+ years of experience in threat modeling, security testing, application security, infrastructure security, security engineering, or related disciplines.
- Knowledge of STRIDE, MITRE ATT&CK, or similar threat modeling frameworks.
- Experience conducting structured threat modeling exercises for applications, platforms, or infrastructure environments.
- Experience with application and infrastructure security testing.
- Ability to simulate attacker scenarios and identify weaknesses, exploitation paths, or control gaps.
- Ability to document findings and provide actionable recommendations for risk mitigation.
- Experience supporting large, complex enterprise environments.
- Client-facing advisory experience.
- Ability to operate across multiple industries and technology stacks.
- Experience supporting continuous improvement of threat modeling or security testing methodologies.
- Experience translating technical findings into practical remediation guidance.
- Strong analytical, documentation, presentation, advisory, and stakeholder communication skills.
Job Types: Full-time, Contract
Base Pay: From $55.00 per hour
Application Question(s):
- Are you eligible to work as a direct 1099 contractor (no W2 or C2C arrangements)? Please indicate your eligibility by typing 'Yes' or 'No'. Note: This question is required. Failure to answer may result in disqualification.
Experience:
- Applications and Infrastructure Security Testing: 5 years (Required)
- Structured Threat Modeling: 3 years (Required)
- Big 4 Consulting: 1 year (Preferred)
- Attacker Simulation or Exploitation Analysis: 3 years (Required)
Work Location: Remote