Lead threat modelling workshops for new and existing applications, APIs, platforms and integrations (using approaches such as STRIDE, LINDDUN, attack trees, misuse/abuse cases, etc.).
Translate threat models into concrete security requirements, patterns and control measures for engineering teams.
Maintain a library of standard threat models and reusable design patterns for common architectures (web apps, APIs, microservices, cloud-native, data platforms, OT/IoT, etc.).
Review high-risk designs (Tier-0/Tier-1 systems) and provide architectural sign-off from a security perspective.
Security Architecture & Standards
Develop and maintain security reference architectures for key domains (cloud, network, identity, endpoint, OT/IoT, data).
Define secure design patterns (e.g. zero trust, network segmentation, secure APIs, key management, secrets management, data protection).
Ensure alignment with relevant frameworks and standards (e.g. NIST CSF, ISO 27001, CIS Controls, OWASP ASVS, MITRE ATT&CK/ATLAS).
Contribute to and review security policies, standards and guidelines to keep them current and practical for engineering teams.
Engagement with Delivery & Engineering Teams
Embed with product and platform teams to ensure security is considered at ideation, design and sprint planning stages.
Provide architectural input into RFPs, solution evaluations and vendor selections, especially where third-party platforms/services are involved.
Work with DevOps / platform teams to integrate security-by-design and threat modelling into CI/CD pipelines and design reviews.
Mentor engineers, architects and product owners on secure design and threat modelling practices.
Risk Management & Assurance
Convert threat modelling outcomes into clear risk statements, with recommended mitigations and residual risk levels.
Support risk acceptance decisions by presenting threat and control options to business and technology stakeholders.
Partner with Red Team / Pen Testing teams to validate threat models and assumptions and feed lessons back into design standards.
Support audit, compliance and regulatory queries related to system and application security architecture.
Act as an ambassador for DP World at all times when working; promoting and demonstrating positive behaviours in harmony with DP World's Principles, values and culture; ensuring the highest level of safety is applied in all activities; understanding and following DP World's Code of Conduct and Ethics policies
Perform other related duties as assigned
Qualifications, Experience And Skills
Knowledge and Experience
12+ years of experience in information security or architecture roles, with 5+ years focused on security architecture and/or threat modelling.
Relevant certifications such as SABSA, TOGAF, CISSP, CCSP, CSSLP, GICSP, GREM, OSCP or similar.
Strong practical experience with threat modelling methodologies (e.g. STRIDE, LINDDUN, PASTA, attack trees, misuse/abuse cases) and tools (e.g. Microsoft Threat Modelling Tool, IriusRisk, Threat Dragon, or equivalent).
Solid understanding of modern application and infrastructure architectures, including:
Web / mobile / API-based applications, microservices
Public cloud (Azure / AWS / GCP), containers and Kubernetes
