Cyber Threat Modeling - Senior Security Engineer

Basic Information







Date Published


Job ID


Travel Amount


Description and Requirements

Primary Roles and Responsibilities:
  • Broadly experienced Cybersecurity Engineer with depth of knowledge in two or more disciplines.
  • Responsible for identifying technology and process gaps relating to Threat Management and providing appropriate recommendations.
  • Perform as a technical lead on projects delivering Threat Management functions.
  • Ability to collaborate extensively with asset owners to help them understand their vulnerabilities and assist them to develop remediation and mitigation strategies.
  • Provide regular reports to management on the overall threat management program, and act as the point of contact for status updates regarding vulnerabilities across multiple platforms and multiple business groups.
  • Coordinate and monitor, management of vulnerabilities reported by third-party pen-tests, third-party monitoring tools, and internal audits.
  • Provide technical leadership and direction on initiatives relating to information security and the Threat Management Program. 
  • Develop, create, and drive current and new reporting methods of Intelligence analysis for the leadership team for purposes of situational awareness and making Intelligence actionable
  • Initiate, and lead a threat modeling program, and participate in a Red Teaming program within BMC

Experience/ Qualifications:
  • Bachelor’s/equivalent degree or higher in IT, CS, IS, with a focus in cybersecurity. Certifications a plus.
  • 5+ years of experience in cybersecurity or information technology security role, with specialization in cyber threat intelligence
  • Experience implementing OSINT technologies and threat intelligence processes.
  • Demonstrated analytical skills to determine what threat and intelligence requirements can be gathered from what sources, what inferences or assumptions can be determined and project threat scenarios.
  • Strong understanding of network services, vulnerabilities, and attacks. Knowledge of application exploits and vulnerabilities. Knowledge of ports and services typical in the configuration of web servers, file servers, and workstations
  • Previous experience leading small to medium sized projects to deliver Cybersecurity solutions.
  • Strong knowledge of web and application security, good working knowledge of cloud security as it applies to Threat Management.
  • Previous experience working with SIEM technologies, threat hunting, and pen-testing tools and technologies, and working with malware analysis
  • Strong written, communication, and presentation skills along with the ability to work in a highly collaborative environment
  • Good understanding of information security threat landscape, and prior experience with threat modeling, and use of relevant tools and technologies
  • Generic understanding of security tools and services that operate at different levels delivering defense-in-depth capabilities. Knowledge of IDS/IPS, DNS, DCHP, DMZ architecture, Active Directory, Proxies, Cloud architecture technologies, and VPNs to name a few. 
  • Demonstrated understanding of public cloud environments, vulnerability scanning, and configuration in such environments
  • Understanding of the OWASP Top 10 vulnerabilities. Familiarity with 3rd party libraries and remediations
  • Candidates must be familiar with vulnerability attributes like CVEs, CVSS, and threat detection and hunting frameworks like MITRE ATT&CK framework.

Nice to Have: 
  • Experience operating on Red and Purple Team exercises 
  • Experience with User Behavior Analytics
  • Experience implementing IT security compliance frameworks like ISO, PCI, HIPPA, SOX
  • Well developed scripting skills in Python or Powershell.
  • Identifies opportunities for process and technical security improvements in the environment.
  • Good deductive reasoning skills, creative thinker, curiosity.
  • Analytical and detail-oriented individuals must have a passion for information security, creativity to identify gaps, and initiative to find the solution
From core to cloud to edge, BMC delivers the software and services that enable over 10,000 global customers, including 84% of the Forbes Global 100, to thrive in their ongoing evolution to an Autonomous Digital Enterprise.
It is the policy of BMC Software to afford equal opportunity for employment to all individuals regardless of race, color, creed, sex, age, sexual orientation, national origin, disability, ancestry, citizenship status, political affiliation, religion, gender, transgender, gender identity, gender expression, marital status, status as a parent, disabled veteran or status as a protected veteran, genetic information or other factors prohibited by law, and to prohibit harassment or retaliation based on any of these factors.

If you need a reasonable accommodation for any part of the application and hiring process, visit the accommodation request page.