1,984 Threat Modeling jobs in India
Security Lead (Threat Modeling)
Posted today
Job Viewed
Job Description
Lead Threat Modeling Efforts:
- Own and lead the threat modeling process, including identifying threats, vulnerabilities, and mitigations for cloud-based applications and systems hosted on GCP.
- Collaborate with architects, engineers, and product teams to design secure, resilient systems by incorporating threat modeling early in the design phase.
- Conduct threat assessments for new and existing GCP services and applications, identifying risk areas and recommending controls to mitigate identified threats.
Security Frameworks & Best Practices:
- Develop and implement security frameworks and threat modeling methodologies (eg, STRIDE, PASTA) specific to cloud-based systems.
- Establish and promote best practices for applying threat modeling across all stages of the software development lifecycle (SDLC).
- Drive the adoption of threat modeling tools and automation, integrating them with existing CI/CD pipelines and security workflows.
Cross-Functional Collaboration:
- Work closely with the Cloud Security, DevOps, and Engineering teams to ensure that threat modeling is integrated into the architecture review and deployment processes.
- Support incident response and vulnerability management teams by conducting post-mortem threat assessments following security incidents and breaches.
Security Risk Assessment & Mitigation:
- Identify potential attack vectors, misconfigurations, and design flaws in GCP resources and cloud-native architectures.
- Recommend actionable security improvements based on threat analysis and provide guidance on implementing mitigation strategies.
- Conduct risk assessments for third-party integrations, APIs, and other cloud service components that could expose security vulnerabilities.
Security Training & Awareness:
- Lead training sessions to educate internal teams on threat modeling techniques, security design principles, and secure cloud development practices.
- Mentor junior security team members and foster a culture of security-first thinking across the organization.
Continuous Improvement & Innovation:
- Stay current with emerging threats, vulnerabilities, and attack techniques targeting cloud environments, particularly on GCP.
- Continuously refine and improve threat modeling processes, tools, and methodologies to stay ahead of evolving security challenges.
Skills & Qualifications:
Required:
Threat Modeling Expertise:
- Extensive experience in threat modeling, risk assessment, and vulnerability analysis, with a deep understanding of common threat modeling methodologies (eg, STRIDE, PASTA, ATT&CK).
- Proven ability to conduct threat assessments on complex cloud architectures and applications, identifying threats and developing mitigation strategies.
In-Depth Knowledge of GCP:
- Strong experience with Google Cloud Platform (GCP) , including core GCP services such as Compute Engine, Kubernetes Engine (GKE), Cloud Storage, BigQuery, IAM, VPC, Cloud Functions, and others.
- Understanding of GCP-specific security risks, controls, and compliance frameworks (eg, CIS benchmarks, SOC 2, HIPAA, etc).
Cloud Security Best Practices:
- In-depth knowledge of cloud-native security principles, including least privilege access, defense-in-depth, secure configurations, and infrastructure-as-code security.
- Familiarity with cloud security tools and frameworks for vulnerability management, identity and access management (IAM), and threat detection in GCP.
Collaboration & Communication Skills:
- Excellent communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders.
- Strong leadership and collaboration skills, with a track record of working across functional teams to influence and drive security initiatives.
Security Certifications:
- Relevant certifications such as Google Cloud Professional Cloud Security Engineer , CISSP , CCSP , or similar are strongly preferred.
Preferred:
Application Security Experience:
- Experience with application security practices, such as static analysis (SAST), dynamic analysis (DAST), and secure code reviews.
Security Tools & Automation:
- Familiarity with threat modeling tools (eg, Microsoft Threat Modeling Tool, Threat Dragon), security testing tools (eg, Burp Suite, Checkmarx), and cloud security posture management tools (eg, Prisma Cloud, Aqua Security).
Incident Response & Forensics:
- Experience in supporting security incident response and conducting forensic investigations in cloud environments.
Programming / Scripting Skills:
- Proficiency in at least one programming or scripting language (eg, Python, Go, Shell) for security automation and tooling is a plus.
Skills Required
Application Security, security tools , Go Programming Language, Python, Shell Programming
Security Lead (Threat Modeling)
Posted today
Job Viewed
Job Description
Lead Threat Modeling Efforts:
- Own and lead the threat modeling process, including identifying threats, vulnerabilities, and mitigations for cloud-based applications and systems hosted on GCP.
- Collaborate with architects, engineers, and product teams to design secure, resilient systems by incorporating threat modeling early in the design phase.
- Conduct threat assessments for new and existing GCP services and applications, identifying risk areas and recommending controls to mitigate identified threats.
Security Frameworks & Best Practices:
- Develop and implement security frameworks and threat modeling methodologies (eg, STRIDE, PASTA) specific to cloud-based systems.
- Establish and promote best practices for applying threat modeling across all stages of the software development lifecycle (SDLC).
- Drive the adoption of threat modeling tools and automation, integrating them with existing CI/CD pipelines and security workflows.
Cross-Functional Collaboration:
- Work closely with the Cloud Security, DevOps, and Engineering teams to ensure that threat modeling is integrated into the architecture review and deployment processes.
- Support incident response and vulnerability management teams by conducting post-mortem threat assessments following security incidents and breaches.
Security Risk Assessment & Mitigation:
- Identify potential attack vectors, misconfigurations, and design flaws in GCP resources and cloud-native architectures.
- Recommend actionable security improvements based on threat analysis and provide guidance on implementing mitigation strategies.
- Conduct risk assessments for third-party integrations, APIs, and other cloud service components that could expose security vulnerabilities.
Security Training & Awareness:
- Lead training sessions to educate internal teams on threat modeling techniques, security design principles, and secure cloud development practices.
- Mentor junior security team members and foster a culture of security-first thinking across the organization.
Continuous Improvement & Innovation:
- Stay current with emerging threats, vulnerabilities, and attack techniques targeting cloud environments, particularly on GCP.
- Continuously refine and improve threat modeling processes, tools, and methodologies to stay ahead of evolving security challenges.
Skills & Qualifications:
Required:
Threat Modeling Expertise:
- Extensive experience in threat modeling, risk assessment, and vulnerability analysis, with a deep understanding of common threat modeling methodologies (eg, STRIDE, PASTA, ATT&CK).
- Proven ability to conduct threat assessments on complex cloud architectures and applications, identifying threats and developing mitigation strategies.
In-Depth Knowledge of GCP:
- Strong experience with Google Cloud Platform (GCP) , including core GCP services such as Compute Engine, Kubernetes Engine (GKE), Cloud Storage, BigQuery, IAM, VPC, Cloud Functions, and others.
- Understanding of GCP-specific security risks, controls, and compliance frameworks (eg, CIS benchmarks, SOC 2, HIPAA, etc).
Cloud Security Best Practices:
- In-depth knowledge of cloud-native security principles, including least privilege access, defense-in-depth, secure configurations, and infrastructure-as-code security.
- Familiarity with cloud security tools and frameworks for vulnerability management, identity and access management (IAM), and threat detection in GCP.
Collaboration & Communication Skills:
- Excellent communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders.
- Strong leadership and collaboration skills, with a track record of working across functional teams to influence and drive security initiatives.
Security Certifications:
- Relevant certifications such as Google Cloud Professional Cloud Security Engineer , CISSP , CCSP , or similar are strongly preferred.
Preferred:
Application Security Experience:
- Experience with application security practices, such as static analysis (SAST), dynamic analysis (DAST), and secure code reviews.
Security Tools & Automation:
- Familiarity with threat modeling tools (eg, Microsoft Threat Modeling Tool, Threat Dragon), security testing tools (eg, Burp Suite, Checkmarx), and cloud security posture management tools (eg, Prisma Cloud, Aqua Security).
Incident Response & Forensics:
- Experience in supporting security incident response and conducting forensic investigations in cloud environments.
Programming / Scripting Skills:
- Proficiency in at least one programming or scripting language (eg, Python, Go, Shell) for security automation and tooling is a plus.
Skills Required
Application Security, security tools , threat modeling , Go Programming Language, Shell Programming, Python
Security Lead (Threat Modeling)
Posted today
Job Viewed
Job Description
Lead Threat Modeling Efforts:
- Own and lead the threat modeling process, including identifying threats, vulnerabilities, and mitigations for cloud-based applications and systems hosted on GCP.
- Collaborate with architects, engineers, and product teams to design secure, resilient systems by incorporating threat modeling early in the design phase.
- Conduct threat assessments for new and existing GCP services and applications, identifying risk areas and recommending controls to mitigate identified threats.
Security Frameworks & Best Practices:
- Develop and implement security frameworks and threat modeling methodologies (eg, STRIDE, PASTA) specific to cloud-based systems.
- Establish and promote best practices for applying threat modeling across all stages of the software development lifecycle (SDLC).
- Drive the adoption of threat modeling tools and automation, integrating them with existing CI/CD pipelines and security workflows.
Cross-Functional Collaboration:
- Work closely with the Cloud Security, DevOps, and Engineering teams to ensure that threat modeling is integrated into the architecture review and deployment processes.
- Support incident response and vulnerability management teams by conducting post-mortem threat assessments following security incidents and breaches.
Security Risk Assessment & Mitigation:
- Identify potential attack vectors, misconfigurations, and design flaws in GCP resources and cloud-native architectures.
- Recommend actionable security improvements based on threat analysis and provide guidance on implementing mitigation strategies.
- Conduct risk assessments for third-party integrations, APIs, and other cloud service components that could expose security vulnerabilities.
Security Training & Awareness:
- Lead training sessions to educate internal teams on threat modeling techniques, security design principles, and secure cloud development practices.
- Mentor junior security team members and foster a culture of security-first thinking across the organization.
Continuous Improvement & Innovation:
- Stay current with emerging threats, vulnerabilities, and attack techniques targeting cloud environments, particularly on GCP.
- Continuously refine and improve threat modeling processes, tools, and methodologies to stay ahead of evolving security challenges.
Skills & Qualifications:
Required:
Threat Modeling Expertise:
- Extensive experience in threat modeling, risk assessment, and vulnerability analysis, with a deep understanding of common threat modeling methodologies (eg, STRIDE, PASTA, ATT&CK).
- Proven ability to conduct threat assessments on complex cloud architectures and applications, identifying threats and developing mitigation strategies.
In-Depth Knowledge of GCP:
- Strong experience with Google Cloud Platform (GCP) , including core GCP services such as Compute Engine, Kubernetes Engine (GKE), Cloud Storage, BigQuery, IAM, VPC, Cloud Functions, and others.
- Understanding of GCP-specific security risks, controls, and compliance frameworks (eg, CIS benchmarks, SOC 2, HIPAA, etc).
Cloud Security Best Practices:
- In-depth knowledge of cloud-native security principles, including least privilege access, defense-in-depth, secure configurations, and infrastructure-as-code security.
- Familiarity with cloud security tools and frameworks for vulnerability management, identity and access management (IAM), and threat detection in GCP.
Collaboration & Communication Skills:
- Excellent communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders.
- Strong leadership and collaboration skills, with a track record of working across functional teams to influence and drive security initiatives.
Security Certifications:
- Relevant certifications such as Google Cloud Professional Cloud Security Engineer , CISSP , CCSP , or similar are strongly preferred.
Preferred:
Application Security Experience:
- Experience with application security practices, such as static analysis (SAST), dynamic analysis (DAST), and secure code reviews.
Security Tools & Automation:
- Familiarity with threat modeling tools (eg, Microsoft Threat Modeling Tool, Threat Dragon), security testing tools (eg, Burp Suite, Checkmarx), and cloud security posture management tools (eg, Prisma Cloud, Aqua Security).
Incident Response & Forensics:
- Experience in supporting security incident response and conducting forensic investigations in cloud environments.
Programming / Scripting Skills:
- Proficiency in at least one programming or scripting language (eg, Python, Go, Shell) for security automation and tooling is a plus.
Skills Required
Application Security, security tools , Go, Python, Shell Programming, threat modeling
Cyber Security Analyst - Threat Modeling
Posted 2 days ago
Job Viewed
Job Description
**Position responsibilities include:**
+ Perform threat modeling for Enterprise and SaaS IT assets.
+ Gain understanding of the business process, application architecture, IT infrastructure and interaction with external entities.
+ Work with business, application, and supplier teams to perform in-depth threat assessments by leveraging methods such as STRIDE, VAST, Attack Tree etc.
+ Provide subject matter expertise in assessing potential security threats in the application architecture and evaluate security controls to mitigate threats.
+ Assess the risk of identified threats by evaluating likelihood and impact, determine countermeasures and remediation.
+ Apply Information Security Policy and industry security standards (E.g.: OWASP, NIST, CIS etc.,) and guide application teams to help build secure products.
+ Follow security governance process for issue tracking and closure. Ensure that security improvement actions are evaluated, validated, and implemented as required.
+ Provide feedback for improving Threat Modeling tools and processes.
+ Leverage industry best practices to continually improve process maturity.
+ Promote awareness of security issues among application teams and business teams through training and awareness programs.
+ Stay updated through continuous learning of emerging technologies like LLM, ZTNA, LCNC etc.
**Skillset required:**
+ Experience in handling web application security risks - OWASP Top-10 E.g.: Injection attacks, buffer overflow, cross-site scripting etc.
+ Skill to provide security controls guidance related to data usage, processing, storage, and transmission.
+ Knowledge of different Threat Modeling methodologies (E.g.: STRIDE, VAST, Attack Tree etc.).
+ Knowledge of security assessment, risk management processes, cyber security threats, vulnerabilities, attack methods and techniques.
+ Knowledge of organization's information security policies, standards, and procedures.
+ Ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
+ Knowledge of network access, cryptography, cryptographic key management concepts, identity and access management (e.g.: OAuth, OpenID, SAML).
+ Knowledge of cloud security and API security.
+ Knowledge of security assessment for Microservices architecture, Databases (SQL/NoSQL), Google Cloud Platform resources like cloud storage, Redis Pub/Sub and Cloud Run.
+ Knowledge of computer networking and network security architecture concepts including topology, protocols, components, and principles.
+ Knowledge of laws, regulations, policies, and ethics related to cybersecurity and privacy.
+ Ability to evaluate information for reliability, validity, and relevance.
+ Excellent analytical, communication, documentation, and presentation skills.
+ Knowledge of emerging technologies like AI/ML, Zero Trust, LCNC etc. and willingness to learn new technologies and concepts.
+ Knowledge of Agile practices and SDLC
+ Self-Starter who can work in ambiguous situations and drive to a solution.
+ Strong interpersonal skills, including ability to educate and influence.
**Qualifications required:**
+ Bachelor's degree in computer science, Cyber Security, or related field of study
+ 2+ years of experience in Cyber Security or related fields of IT.
+ Knowledge on Security Framework such as NIST CSF, ISO27001, OWASP Top-10 etc.
+ Cyber security certifications like CISSP, OSCP, CEH, Pentest+ are highly desirable.
**Requisition ID** : 49911
Cyber Security Analyst – Threat Modeling
Posted today
Job Viewed
Job Description
Cyber Security Analyst – Threat Modeling is responsible for performing security assessments for applications, infrastructure and emerging technologies and guiding product / service teams in secure design of IT systems.
Skillset required:
Qualifications required:
undefined
Lead Security Engineer - Threat Modeling, Terraform, AWS
Posted today
Job Viewed
Job Description
Take on a crucial role where you'll be a key part of a high-performing team delivering secure software solutions. Make a real impact as you help shape the future of software security at one of the world's largest and most influential companies.
As a Lead Security Engineer at JPMorgan Chase within the Cybersecurity & Tech Controls team, you are an integral part of team that works to deliver software solutions that satisfy pre-defined functional and user requirements with the added dimension of preventing misuse, circumvention, and malicious behavior. As a core technical contributor, you are responsible for carrying out critical technology solutions with tamper-proof, audit defensible methods across multiple technical areas within various business functions.
Job responsibilities
Required qualifications, capabilities, and skills
Preferred qualifications, capabilities, and skills
Information Security Manager - Risk Assessment
Posted 1 day ago
Job Viewed
Job Description
Be The First To Know
About the latest Threat modeling Jobs in India !
Information Security
Posted today
Job Viewed
Job Description
About Snapmint
Snapmint is a leading fintech company redefining access to consumer credit in India. With over 10
million customers across 2,200+ cities, our zero-cost EMI platform enables responsible purchases
without the need for a credit card across categories like fashion, electronics, and lifestyle.
India has over 300 million credit-eligible consumers, yet fewer than 35 million actively use credit
cards. Snapmint addresses this gap by offering a trusted, transparent alternative grounded in
financial inclusion and ethical lending practices.
Founded in 2017, Snapmint is a profitable, high-growth company doubling year-on-year. Our
founding team, alumni of IIT Bombay and ISB, brings deep experience from companies like Oyo, Ola, Maruti Suzuki, and has successfully built and exited ventures in ad-tech, patent analytics, and
bank-tech. We are building the future of responsible consumer finance, simple, transparent, and customer-first.
Role Overview
We are looking for a senior Information Security leader to join our rapidly growing fintech company. Prior experience in a regulated financial environment such as an NBFC, payment aggregator, PPI, or bank is essential. In this strategic role, you will define and drive our cybersecurity vision, ensure compliance with evolving regulations, protect critical digital assets, and strengthen our overall security posture. This is a key leadership position, working closely with executive teams to build a secure and scalable future.
Key Objectives
● Lead the company's information security and risk management strategy.
● Safeguard data, intellectual property, and technology assets from internal and external threats.
● Ensure compliance with data privacy and cybersecurity regulations (e.g., DPDP, GDPR).
● Develop, implement, and enforce security policies, procedures, and incident response plans.
● Partner with business and IT leaders to embed security across operations and ensure resilience.
Key Responsibilities
● Design and manage a comprehensive security program spanning cyber defense, data protection, and threat detection.
● Conduct risk assessments, oversee mitigation strategies, and manage security controls across
on-prem and cloud infrastructure.
● Lead incident detection, response, recovery, and continuous improvement of the security posture.
● Ensure compliance through regular audits, regulatory reporting, and vulnerability assessments.
● Promote a culture of security through awareness training and cross-functional engagement.
● Monitor the evolving threat landscape and advise leadership on emerging risks and technologies.
Required Qualifications
● Bachelor's degree in Information Security, Computer Science, or related field.
● 6+ years in a senior information security role (e.g., CISO, Security Lead), with direct experience in a fintech, NBFC, banking, or regulated financial services environment.
● Strong grasp of cybersecurity frameworks (e.g., ISO 27001), threat modeling, and risk governance.
● Hands-on experience with firewalls, IDS/IPS, encryption, and other core security technologies.
● In-depth understanding of data protection laws and regulatory standards.
● Proven track record of leading and developing high-performing security teams.
Preferred Qualifications
● Certifications such as CISSP, CISM, CISA, or equivalent.
● Experience securing cloud platforms (AWS, Azure, GCP).
● Familiarity with DevSecOps, secure SDLC, and application security.
● Background in penetration testing, ethical hacking, or incident forensics.
● Proficiency with SIEM and security analytics tools.
● Exposure to AI/ML applications in cybersecurity is a plus
Location: Mumbai
Skills Required
Ethical Hacking, Ips, regulatory standards , secure sdlc , Firewalls, Encryption, DevSecOps, Application Security, Ids, Siem, Penetration Testing
Information security
Posted today
Job Viewed
Job Description
Common accountabilities:
- Works autonomously within defined processes and procedures or methodologies, takes standard decisions and may support the development of solutions to complex problems of a recurring nature.
- Receives instruction, guidance and direction from more senior level roles or manager, with regular monitoring on the status of the assignments.
- May have specialized formal education or the equivalent work experience and has the required technical and functional skills and basic knowledge of the business.
Specific accountabilities:
Test strategy
* Attend to specification/architecture reviews (also on customer specification reviews when applicable), and provide feedback along with any potential impact, risk, issue or missed gap based on experience,
* Define test strategy and test plan containing test cases (functional and non-functional), ensure traceability with specifications and customer requirements,
* Ensure compliance of test strategy with CI/CD guidelines, Green IT guidelines and all quality guidelines (SDL, STDL), QA best practices/standards from the industry (ISTQB.),
Test expertise
* Design test cases and write test case scripts
* Prepare test environment, test data, and execute test cases
* Provide sign-off (go/no-go) on tested features based on defined exit criteria
Test automation
* Assess necessity to automate subset of (or all) test scripts
* Use test automation framework and contribute to its improvement
Defect management
* Open defects for software or documentation, assign relevant level of severity based on the importance of the issue, provide relevant investigation and information in order to fix defects
* Check defect fix, and give go/no-go for the load of production defects
Reporting
* Report and communicate on test activities to the line organization, software developers and product definitions analysts
* Provide visibility on testing campaign/milestones to all stakeholders
Quality assurance ambassador
* Show accountability for the project, product or release quality control
Technicity
* Efficiently use QA tooling stack and frameworks
* Be proactive about any issue/change that is likely to affect QA peers daily job
Continuous and sustainable improvement
* Participate to the understanding, measurement and reduction of the environmental impact of the tested applications and associated QA activities
Information Security
Posted today
Job Viewed
Job Description
Incedo is a US-based consulting, data science and technology services firm with over 2,500 people helping clients from our six offices across US and India. We help our clients achieve competitive advantage through end-to-end digital transformation. Our uniqueness lies in bringing together strong engineering, data science, and design capabilities coupled with deep domain understanding. We combine services and products to maximize business impact for our clients in telecom, financial services, product engineering and life science & healthcare industries.
Working at Incedo will provide you an opportunity to work with industry leading client organizations, deep technology and domain experts, and global teams. Incedo University, our learning platform, provides ample learning opportunities starting with a structured onboarding program and carrying throughout various stages of your career. A variety of fun activities are also an integral part of our friendly work environment. Our flexible career paths allow you to grow into a program manager, a technical architect or a domain expert based on your skills and interests.
Role Description
Should be Certified Lead Auditor/implementor ISO 27001:2013.
**Detailed knowledge of ISO 27001**: 2013 implementation and Assessment
Expertise in planning, creation and implementation of company security policies.
Should have good experience in performing Internal audit and External audit security audits.
"Good Understanding and implementation experience on
Risk Management (Asset & Context Based)
Incident Management
Business Continuity Management"
Should able to work closely with IT Application and Infrastructure team to understand business needs and assist with security architecture, secure coding, and design of Information Technology systems
Should have understating of statutory and regulatory requirements across IT, HR and Facilities.
Should able to drive security aware training programs.
Should be well versed with Physical Security requirements
Should be well versed with Logical Security requirements
Should be well versed with HR Security requirements
Should have worked on implentation of certifcations like - PCI DSS, HIPAA & SOC 2
Should have worked on providing responses towards clients RFPs covering GRC
Company Value Company Value
We are an Equal Opportunity Employer. We value diversity at Incedo. We do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.