Senior Threat Modeler
Who We Are Looking For
We are looking for a Senior Threat Modeler. You will be responsible for performing threat modeling activities across enterprise applications, cloud platforms, APIs, and emerging technologies to identify security risks early in the development lifecycle and drive secure-by-design outcomes. You will partner with architects, engineers, developers, and cybersecurity teams to strengthen the security posture of critical business systems and technology platforms.
Why This Role Is Important To Us
The team you will be joining is part of the Security Architecture organization, a function that is critical to protecting the firm's applications, data, cloud environments, and technology services. Threat modeling enables the organization to proactively identify security weaknesses, reduce cyber risk, improve architectural resiliency, and ensure security requirements are incorporated into technology solutions from inception through deployment.
What You Will Be Responsible For
As a Senior Threat Modeler, you will:
- Conduct threat modeling activities for business applications, cloud-native platforms, APIs, and strategic technology initiatives.
- Analyze application architectures, data flows, trust boundaries, and cloud deployments to identify security threats and design weaknesses.
- Partner with application development, cloud engineering, and security teams to recommend practical risk mitigation strategies and secure design improvements.
- Perform security assessments using established methodologies such as STRIDE, MITRE ATT&CK, attack trees, and risk-based analysis techniques.
- Contribute to the development of threat modeling standards, reusable patterns, training materials, and secure-by-design practices across the enterprise.
- Strong knowledge of cloud-native architectures and security controls across AWS, Azure, and Google Cloud, with the ability to identify and mitigate risks in distributed, containerized, and platform-based environments.
What We Value
These skills will help you succeed in this role:
- Strong analytical, problem-solving, and risk assessment skills with the ability to identify complex security threats and vulnerabilities.
- Deep understanding of application security, cloud security, secure software development, and modern technology architectures.
- Strong communication and stakeholder management skills, with the ability to influence engineering and architecture teams.
- Experience working in large-scale, complex environments with diverse technology stacks and distributed teams.
- Ability to translate technical security findings into actionable recommendations that reduce business risk.
Education & Preferred Qualifications
- Degree in Computer Science, Cybersecurity, Information Technology, Engineering, or a related discipline.
- 12 years or more of experience in application security, cloud security, cybersecurity architecture, threat modeling, or related technology disciplines, with at least 7 years of hands-on cybersecurity experience preferred.
- Demonstrated experience conducting threat modeling exercises for enterprise applications, APIs, cloud platforms, and distributed systems.
- Strong expertise in application security principles, secure software development lifecycles, OWASP Top 10, API security, and secure coding practices.
- Experience assessing and securing cloud environments across AWS, Azure, and/or Google Cloud Platform.
- Knowledge of microservices, containers, Kubernetes, CI/CD pipelines, DevSecOps practices, and modern software architectures.
- Experience with threat modeling methodologies such as STRIDE, MITRE ATT&CK, attack trees, and adversary-based risk analysis.
- Professional certifications such as CISSP, CCSP, CSSLP, GWAPT, GWEB, AWS Security Specialty, Azure Security Engineer, or equivalent security certifications are highly desirable.
- Experience within financial services or other highly regulated industries is preferred.
Additional Requirements
- Ability to effectively collaborate with development, engineering, architecture, and cybersecurity teams.
- Strong written and verbal communication skills with the ability to present technical findings to both technical and non-technical audiences.
- Limited travel may be required based on business needs.
Work Requirement
Hybrid: Expected to work in accordance with State Street's hybrid work model.
Shift: Standard business hours with flexibility to support global stakeholders across multiple time zones.
Salary Range:
$120,000 - $202,500 AnnualThe range quoted above applies to the role in the primary location specified. If the candidate would ultimately work outside of the primary location above, the applicable range could differ.
Employees are eligible to participate in State Street’s comprehensive benefits program, which includes: our retirement savings plan (401K) with company match; insurance coverage including basic life, medical, dental, vision, long-term disability, and other optional additional coverages; paid-time off including vacation, sick leave, short term disability, and family care responsibilities; access to our Employee Assistance Program; incentive compensation including eligibility for annual performance-based awards (excluding certain sales roles subject to sales incentive plans); and, eligibility for certain tax advantaged savings plans.
For a full overview, visit https://hrportal.ehr.com/statestreet/Home.
About State Street
Across the globe, institutional investors rely on us to help them manage risk, respond to challenges, and drive performance and profitability. We keep our clients at the heart of everything we do, and smart, engaged employees are essential to our continued success.
We are committed to fostering an environment where every employee feels valued and empowered to reach their full potential. As an essential partner in our shared success, you’ll benefit from inclusive development opportunities, flexible work-life support, paid volunteer days, and vibrant employee networks that keep you connected to what matters most. Join us in shaping the future.
As an Equal Opportunity Employer, we consider all qualified applicants for all positions without regard to race, creed, color, religion, national origin, ancestry, ethnicity, age, disability, genetic information, sex, sexual orientation, gender identity or expression, citizenship, marital status, domestic partnership or civil union status, familial status, military and veteran status, and other characteristics protected by applicable law.
Discover more information on jobs at StateStreet.com/careers
Read our CEO Statement
Job Application Disclosure:
It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
More jobs at Statestreet
- Alternative Investments Business Transformation Business Analyst, Officer — Princeton, New Jersey
- Alternatives Business Transformation Business Analyst, Assistant Vice President — Quincy, Massachusetts
- Implementation Functional Test Lead, Assistant Vice President — Quincy, Massachusetts
- Senior Cloud Security Architect — Quincy, Massachusetts