Senior Threat Modeler

DNV • Full-time • Espoo • 1d ago

Description

In this role you will have two main responsibilities:

Threat Model Delivery: Lead technical threat modeling workshops with customers and build reports that document the vulnerabilities found. Present the findings to the customers in close out sessions and be available to discuss impact and probability to define the risk of the identified vulnerabilities.
Threat Model Service Ownership: You will also be expected to own the technical threat modeling service from a cybersecurity perspective within the team, deciding what services to offer, the best delivery approaches to follow, what frameworks to use based on different scenarios, keep documentation up to date or train junior threat modelers, among other duties.

Responsibilities

At DNV Cyber, we are passionate about cybersecurity and take pride in the way we are impacting the society we live in. We encourage you to excel professionally through knowledge sharing and demanding cases. At DNV Cyber, you'll have 500 colleagues who share an interest in cyber security with you. With us, you will be surrounded by the most talented people in the cybersecurity field

Join us on an exciting adventure of growth, meaningful work, and shaping the future through cybersecurity!

Visit our website to get to know more about us!

DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity.

Qualifications

The hard skills required to be successful in this position include:

Familiarity and experience with threat modeling in practice.
Knowledge of methods or frameworks e.g.: STRIDE, PASTA, Linddun or Attack trees.
General understanding of cybersecurity landscape in the context of application security. Not just product implementation, but also e.g.:
- infrastructure, ecosystem, development pipelines, access control management, recovery and backup management, data protection / sensitivity understanding, cloud environment security, AI security, human weaknesses or behavior and manual processes.
Understanding of contemporary regulations and their implications is a plus.
Fluency in Finnish in addition to English is a plus

On the soft skills side we are expecting the following:

Capability to work with different customer personalities and create a safe environment where information flows comfortably.
Able to actively listen to understand what is being said and what is not.
Detective mentality and attack path understanding.
Interest to adapt and develop our threat modeling services.

Security and compliance with statutory requirements in the countries in which we operate is essential for DNV. Background checks will be conducted on all final candidates as part of the offer process, in accordance with applicable country-specific laws and practices

Posting Deadline: 15.02.2026