Group Senior Specialist – Cybersecurity (Threat Modelling)

  • Posted 7 hours ago

Job Description

KEY ACCOUNTABILITIES

1. Threat Modelling & Secure Design

  • Lead threat modelling workshops for new and existing applications, APIs, platforms and integrations (using approaches such as STRIDE, LINDDUN, attack trees, misuse/abuse cases, etc.).
  • Translate threat models into concrete security requirements, patterns and control measures for engineering teams.
  • Maintain a library of standard threat models and reusable design patterns for common architectures (web apps, APIs, microservices, cloud-native, data platforms, OT/IoT, etc.).
  • Review high-risk designs (Tier-0/Tier-1 systems) and provide architectural sign-off from a security perspective.

2. Security Architecture & Standards

  • Develop and maintain security reference architectures for key domains (cloud, network, identity, endpoint, OT/IoT, data).
  • Define secure design patterns (e.g. zero trust, network segmentation, secure APIs, key management, secrets management, data protection).
  • Ensure alignment with relevant frameworks and standards (e.g. NIST CSF, ISO 27001, CIS Controls, OWASP ASVS, MITRE ATT&CK/ATLAS).
  • Contribute to and review security policies, standards and guidelines to keep them current and practical for engineering teams.

3. Engagement with Delivery & Engineering Teams

  • Embed with product and platform teams to ensure security is considered at ideation, design and sprint planning stages.
  • Provide architectural input into RFPs, solution evaluations and vendor selections, especially where third-party platforms/services are involved.
  • Work with DevOps / platform teams to integrate security-by-design and threat modelling into CI/CD pipelines and design reviews.
  • Mentor engineers, architects and product owners on secure design and threat modelling practices.

4. Risk Management & Assurance

  • Convert threat modelling outcomes into clear risk statements, with recommended mitigations and residual risk levels.
  • Support risk acceptance decisions by presenting threat and control options to business and technology stakeholders.
  • Partner with Red Team / Pen Testing teams to validate threat models and assumptions and feed lessons back into design standards.
  • Support audit, compliance and regulatory queries related to system and application security architecture.
  • Act as an ambassador for DP World at all times when working, promoting and demonstrating positive behaviours in harmony with DP World's Principles, values and culture; ensuring the highest level of safety is applied in all activities; and understanding and following DP World's Code of Conduct and Ethics policies.

  • Perform other related duties as assigned

QUALIFICATIONS, EXPERIENCE AND SKILLS

Knowledge and Experience

  • 12+ years of experience in information security or architecture roles, with 5+ years focused on security architecture and/or threat modelling.
  • Relevant certifications such as SABSA, TOGAF, CISSP, CCSP, CSSLP, GICSP, GREM, OSCP or similar.
  • Strong practical experience with threat modelling methodologies (e.g. STRIDE, LINDDUN, PASTA, attack trees, misuse/abuse cases) and tools (e.g. Microsoft Threat Modeling Tool, IriusRisk, Threat Dragon, or equivalent).
  • Solid understanding of modern application and infrastructure architectures, including:
    • Web / mobile / API-based applications, microservices
    • Public cloud (Azure / AWS / GCP), containers and Kubernetes
    • Identity & access management (SSO, OAuth/OIDC, SAML, PAM, IGA)
    • Network and security zones, zero trust principles
  • Good familiarity with secure coding practices and common vulnerabilities (e.g. OWASP Top 10, SANS/CWE Top 25).
  • Proven ability to read and challenge architecture diagrams and translate them into threat models and security designs.
  • Experience working with cross-functional teams (engineering, product, operations, compliance, vendors).
  • Strong communication skills - able to clearly articulate threats, risks and design options to both technical and non-technical stakeholders.

Soft Skills

  • Excellent communication & analytical skills

  • Program and Project management skills

  • Time management skills

  • Team player and conflict management skills

  • Coaching / guiding skills

  • Ability to adapt in a complex environment, an appetite for challenges, and the will and drive to learn new things on their own

  • Cultural awareness

About Company

DP World is an Emirati multinational logistics company based in Dubai, United Arab Emirates. It specialises in cargo logistics, port terminal operations, maritime services and free trade zones.

Job ID: 146525803
