Platform Consultant - Threat Modeling
Allstate · United States · 1 wk ago
RemoteRemoteConsulting$91k–$196k/yrFull-time
About the role
The Platform Consultant – Threat Modeling is a senior security consultant responsible for driving the adoption of secure-by-design principles across enterprise technology platforms through the application of advanced threat modeling practices.
Responsibilities
- Serve as a trusted security consultant to engineering teams, providing guidance on secure architecture, platform design, and threat modeling practices
- Lead and facilitate threat modeling engagements across multiple applications, platforms, and business domains to identify and mitigate security risks early in the development lifecycle
- Embed secure-by-design principles into software delivery processes, ensuring security considerations are incorporated from discovery through production deployment
- Define, communicate, and influence platform security strategies and architectural decisions with both technical and non-technical stakeholders
- Partner with engineering, architecture, and security teams to develop risk-based security recommendations that balance security, business objectives, and developer experience
- Drive the adoption of modern engineering and security practices, including reusable security patterns, architectural standards, and secure development frameworks
- Collaborate with Security Operations and Product Security teams to improve threat detection capabilities, breach modeling initiatives, and security resilience
- Facilitate architectural reviews, discovery workshops, and threat modeling sessions that enable teams to make informed security decisions
- Mentor engineers and technical leaders on systems thinking, threat identification, security architecture principles, and secure design methodologies
- Champion emerging security capabilities including AI Security, API Security, SaaS Security, and threat modeling automation initiatives
Requirements
- 3+ years' experience in software engineering, security engineering, solution architecture, technical project management, or platform engineering roles within complex enterprise environments
- Experience acting as a technical advisor, consultant, architect, or security partner supporting engineering teams during design and implementation activities
- Deep understanding of threat modeling methodologies such as STRIDE, Attack Trees, Kill Chains, or equivalent risk assessment frameworks
- Demonstrated experience identifying, documenting, and mitigating security threats within cloud-native, distributed, API-driven, or enterprise applications
- Practical experience with modern software development practices including CI/CD, source control, automated testing, and Agile delivery methodologies
- Working knowledge of cloud platforms such as AWS, Azure, or GCP and associated security considerations
Qualifications
- Strong software engineering background with experience in Java, JavaScript, Python, Go, Rust, or other modern programming languages
- Experience supporting Security Operations, Incident Response, SOC, or breach modeling activities
- Experience designing and reviewing RESTful APIs and API-first architectures using specifications such as OpenAPI or Swagger
- Knowledge of Zero Trust architectures, Identity and Access Management (IAM), authentication, authorization, and privileged access management concepts
- Experience integrating security controls and automated security testing into CI/CD pipelines
- Practical understanding of modern cryptographic principles and secure data protection strategies
- Experience applying AI, automation, and modern engineering tools to enhance security effectiveness and productivity, with exposure to AI, SaaS, and API security
Skills
- Agile Methodology
- Application Programming Interface (API) Security
- CI/CD
- Cloud Platform
- Cybersecurity Risk Assessment
- Platform Management
- Platform Security
- Security Engineering
- Software Engineering
- Solution Architecture
- Technical Consulting
- Technical Project Management
- Threat Modeling
Benefits
- Competitive compensation with a base salary + uncapped performance-based incentives
- Flexible work arrangements, including remote work options
- Comprehensive technology setup, including a laptop, monitors, headset, keyboard, and mouse
- Monthly connectivity reimbursement to help offset internet costs
- Access to development programs to support career aspirations
- Opportunities to make a real impact in the community
Pay
Compensation offered for this role ranges from $90,700 – 195,700 annually and is based on experience and qualifications.
Schedule
Remote work is available for this role.