Manager, Threat Modeling (GCP)

About This Role

This role primarily focuses on leading the design, execution, and improvement of the organization's threat modeling capabilities across cloud and application environments, particularly on GCP. The Manager will also mentor and develop threat modeling engineers, integrate security practices into the SDLC, and proactively identify and mitigate security risks.

Responsibilities

• Lead and scale the threat modeling program across applications, platforms, and cloud services
• Manage, mentor, and develop threat modeling engineers
• Oversee and conduct threat modeling exercises using established frameworks and methodologies
• Review system and application architectures to identify security gaps, exploitable threats, and design weaknesses
• Define, track, and manage the lifecycle of identified threats and mitigation controls
• Ensure timely delivery of threat models and associated remediation activities
• Establish standards, processes, and best practices to continuously improve the threat modeling discipline
• Partner with engineering and architecture teams to integrate threat modeling into Agile and DevOps workflows
• Provide strategic recommendations to reduce risk and improve security posture
• Present risk assessments, findings, and progress updates to senior leadership and technical stakeholders

Requirements

• 8+ years of experience across security engineering, architecture, or cybersecurity disciplines
• 5+ years of hands-on cybersecurity experience with a focus on application and cloud security
• Proven experience leading or mentoring security engineers or technical teams
• Strong expertise in threat modeling frameworks and methodologies (e.g., STRIDE, PASTA, MITRE ATT&CK)
• Deep knowledge of security architecture principles, patterns, and best practices
• Strong experience with Google Cloud Platform (GCP)
• Hands-on experience conducting technical architecture design reviews
• Solid understanding of authentication, authorization, encryption, logging/monitoring, infrastructure security, and network segmentation
• Experience identifying vulnerabilities using OWASP Top 10 and CWE
• Familiarity with REST APIs and modern application architectures
• Experience with Infrastructure as Code and scripting (Terraform, CloudFormation, or similar)
• Working knowledge of CI/CD pipelines, SDLC, and secure DevOps practices
• Familiarity with Jira or similar work management and ticketing tools
• Knowledge of containerized and cloud-native architectures (Docker, Kubernetes, serverless, Helm)
• Strong analytical skills with a demonstrated adversarial mindset
• Excellent written and verbal communication skills with the ability to influence technical and non-technical stakeholders

Qualifications

• 8+ years of experience across security engineering, architecture, or cybersecurity disciplines, with 5+ years hands-on experience focused on application and cloud security

Nice to Have

• Professional security certifications such as CISSP, CCSP, CISM, CISA, or ITIL
• GCP certifications (Professional Cloud Architect, Professional Cloud Security Engineer)
• Experience designing and securing solutions in regulated or highly governed environments
• Familiarity with industry standards and frameworks (NIST, ISO, CSA)
• Exposure to additional cloud platforms (AWS, Azure)
• Penetration testing knowledge or experience
• Development experience (Python, Node.js)
• Experience with GitOps, CDK, and modern cloud security tooling
• Exposure to data platforms and developer ecosystems (Snowflake, MongoDB, Databricks, GitHub, Terraform Cloud)
• Experience working within Agile, DevOps, SecOps, or Scrum-based teams

Skills

* Required skills