Application Security with Thread Modelling experience
Job Description:
Ready to join Accenture’s team of empowered people? We’re looking for candidates with the following skills and experience for this role. Do you fit the profile? If you do, we’d love to hear from you!
In adherence to Accenture’s process of Identity Verification, your resume or CV must include your photo to ensure the accuracy of your application.
Who we are:
Accenture in the Philippines is a pioneer in Accenture’s global delivery network. Over the past 30 years, we have expanded our capabilities to become a powerhouse company providing end-to-end technology and business services. As part of Accenture’s global footprint in over 120 countries, covering 40-plus industries, we have been working with the biggest companies in the country and around the globe.
Innovation, a constant at Accenture, enables us to find new ways to stay ahead of our clients’ challenges. Our inclusive, diverse, and strong culture of equality helps us constantly drive innovation in the workplace. By combining our industry expertise and the deep skills of our people with the latest technologies and our uncompromising high-performance standards, we help organizations grow their business and succeed in the digital age.
What’s in it for you?
At Accenture you will work on meaningful and innovative projects, powered by the latest technologies. You’ll be immersed in industry best practices such as event-driven architectures and domain-driven designs. Accenture will continually invest in your learning and growth.You'll work with Accenture’s certified practitioners, and Accenture will support you in growing your own tech stack and certifications.
What You’ll Do
Threat Modeling & Secure Design (Primary – ~70%)- Conduct application and architecture-level Threat Modeling for new applications, major enhancements, and high-risk changes.
- Apply structured threat modeling methodologies (e.g., STRIDE, OWASP Threat Modeling, attack trees) to identify abuse cases, trust boundaries, and threat scenarios.
- Partner with architects, product owners, and development teams during design and planning phases to embed secure-by-design principles.
- Review architecture diagrams, data flow diagrams (DFDs), API contracts, and deployment models (cloud, hybrid, containerized).
- Translate identified threats into clear, actionable security requirements and mitigation recommendations aligned to enterprise standards.
- Ensure Threat Modeling outputs are documented, tracked, and integrated into SDLC gates, design sign-offs, and risk registers.
- Provide risk-based guidance to help teams prioritize design fixes over downstream vulnerability remediation where appropriate.
- Support uplift of Threat Modeling maturity by defining templates, playbooks, and reusable threat libraries for common platforms and patterns.
- Support SNYK Open Source (SCA) risk triage and remediation by providing contextual, design-aware prioritization guidance.
- Assist development teams with secrets detection and remediation, including root cause analysis and secure secrets management patterns.
- Partner with development teams to integrate security expectations into CI/CD pipelines and DevSecOps workflows.
- Provide targeted developer enablement and training on secure design patterns, common architectural risks, and prevention strategies.
- Validate and contextualize findings from automated tools, penetration tests, and external assessments where design-level issues are identified.