Threat Modeling Specialist

Threat Modeling Specialist

Location: Toronto, ON (Hybrid)

About Cognizant

Cognizant is one of the world’s leading professional services companies, helping clients transform their business, operating, and technology models for the digital era. Our unique, industry-based approach helps clients build more innovative and efficient businesses.

At Cognizant, we are committed to fostering a collaborative, inclusive, and high-performing environment where you can grow your career while making a meaningful impact.

Role Overview

We are seeking a Threat Modeling Specialist to strengthen our enterprise security posture by proactively identifying, assessing, and mitigating risks across applications and platforms.

In this role, you will partner closely with engineering teams, application owners, and security leadership to embed secure design principles, threat modeling practices, and DevSecOps capabilities into the software development lifecycle—all while enabling a positive and seamless developer experience.

Key Responsibilities

Threat Modeling & Risk Assessment

• Conduct threat modeling exercises to identify vulnerabilities, attack vectors, and control gaps
• Perform security risk assessments across application designs and implementations
• Develop creative attack scenarios to challenge existing architectures and controls
• Provide consultative guidance to application teams on secure design practices

Governance & Program Enablement

• Design, implement, and mature governance processes for threat modeling and application security
• Develop and maintain documentation, standards, and threat modeling methodologies
• Partner with security leadership to drive adoption of secure design practices across the enterprise
• Track remediation plans and ensure security controls are implemented effectively
• Support audit readiness through validation of controls and security scanning outputs

Engineering Enablement & Best Practices

• Develop and promote secure design patterns, coding standards, and threat libraries
• Collaborate with engineering teams to embed security into DevSecOps pipelines
• Provide training and awareness on emerging threats, vulnerabilities, and best practices
• Support exception management processes for security standards

Reporting & Continuous Improvement

• Create dashboards and reports on risk posture, compliance gaps, and remediation progress
• Define and track security metrics to measure program effectiveness
• Contribute to enterprise information security strategies and roadmap execution
• Recommend tools, skills, and capabilities to enhance the security program

Agile Delivery Support

• Facilitate Agile ceremonies and support Program Increment (PI) planning and execution
• Partner with Release Train Engineers (RTEs) and delivery teams to ensure security is integrated into development workflows
• Enable teams to meet both delivery and security objectives

Required Qualifications

• Bachelor’s degree in Computer Science, Information Systems, or related field
• 6–9 years of experience in information security or application security
• Hands-on experience with security risk management and process improvement
• Experience working with application teams to gather requirements and implement security controls
• Strong analytical, communication, and stakeholder management skills

Preferred Qualifications

• Experience with threat modeling frameworks (e.g., STRIDE, CAPEC, MITRE ATT&CK)
• Strong understanding of application security controls across Web, API, Mobile, and AI platforms
• Knowledge of security frameworks such as NIST CSF, NIST 800-53, OWASP ASVS
• Experience integrating security into DevSecOps pipelines
• Understanding of modern architectures, including:
  • Single Page Applications (SPAs)
  • REST/SOAP APIs
  • Mobile applications
• Familiarity with:
  • Programming languages: Java, JavaScript
  • Databases: Oracle, SQL Server, DB2, NoSQL
  • Cloud security architecture and operations
  • Identity and Access Management (OAuth 2.0, OIDC, JWT)
  • Cryptographic controls for data protection

Certifications (Preferred)

• CISSP, CISM, CSSLP, CISA, CRISC, OSCP

Why Cognizant?

• Opportunity to work on cutting-edge security challenges in a global environment
• Collaborative culture focused on innovation, learning, and growth
• Exposure to large-scale enterprise platforms and modern architectures

Benefits – Canada

Cognizant offers a comprehensive and competitive benefits package, including:

• Health, dental, and vision insurance
• Retirement savings plans (RRSP) with employer contributions
• Generous paid time off and statutory holidays
• Flexible hybrid work environment
• Employee wellness and assistance programs
• Learning and development opportunities, including certifications and upskilling
• Employee recognition and performance bonus programs

Equal Opportunity Statement

Cognizant is an equal opportunity employer. We are committed to fostering an inclusive, accessible environment where all employees feel valued, respected, and supported.