Simplify Logo

Full-Time

Security Lead

Threat Modeling, India (removed)

Photon

Photon

Global AI and digital solutions provider

No salary listed

India

In Person

Category
IT & Security (1)
Required Skills
BigQuery
Threat modeling
Vulnerability Analysis
SOC 2
Google Cloud Platform
Requirements
  • Threat Modeling Expertise: Extensive experience in threat modeling, risk assessment, and vulnerability analysis, with a deep understanding of common threat modeling methodologies (e.g., STRIDE, PASTA, ATT&CK).
  • In-Depth Knowledge of Google Cloud Platform (GCP): Strong experience with Google Cloud Platform, including core GCP services such as Compute Engine, Kubernetes Engine (GKE), Cloud Storage, BigQuery, IAM, VPC, Cloud Functions, and others.
  • Understanding of GCP-specific security risks, controls, and compliance frameworks (e.g., CIS benchmarks, SOC 2, HIPAA, etc.).
  • Cloud Security Best Practices: In-depth knowledge of cloud-native security principles, including least privilege access, defense-in-depth, secure configurations, and infrastructure-as-code security.
  • Familiarity with cloud security tools and frameworks for vulnerability management, identity and access management (IAM), and threat detection in GCP.
  • Collaboration & Communication Skills: Excellent communication skills with the ability to explain complex security concepts to both technical and non-technical stakeholders.
  • Strong leadership and collaboration skills, with a track record of working across functional teams to influence and drive security initiatives.
  • Security Certifications: Relevant certifications such as Google Cloud Professional Cloud Security Engineer, CISSP, CCSP, or similar are strongly preferred.
Responsibilities
  • Own and lead the threat modeling process, including identifying threats, vulnerabilities, and mitigations for cloud-based applications and systems hosted on GCP.
  • Collaborate with architects, engineers, and product teams to design secure, resilient systems by incorporating threat modeling early in the design phase.
  • Conduct threat assessments for new and existing GCP services and applications, identifying risk areas and recommending controls to mitigate identified threats.
  • Develop and implement security frameworks and threat modeling methodologies (e.g., STRIDE, PASTA) specific to cloud-based systems.
  • Establish and promote best practices for applying threat modeling across all stages of the software development lifecycle (SDLC).
  • Drive the adoption of threat modeling tools and automation, integrating them with existing CI/CD pipelines and security workflows.
  • Work closely with the Cloud Security, DevOps, and Engineering teams to ensure that threat modeling is integrated into the architecture review and deployment processes.
  • Support incident response and vulnerability management teams by conducting post-mortem threat assessments following security incidents and breaches.
  • Identify potential attack vectors, misconfigurations, and design flaws in GCP resources and cloud-native architectures.
  • Recommend actionable security improvements based on threat analysis and provide guidance on implementing mitigation strategies.
  • Conduct risk assessments for third-party integrations, APIs, and other cloud service components that could expose security vulnerabilities.
  • Lead training sessions to educate internal teams on threat modeling techniques, security design principles, and secure cloud development practices.
  • Mentor junior security team members and foster a culture of security-first thinking across the organization.
  • Stay current with emerging threats, vulnerabilities, and attack techniques targeting cloud environments, particularly on GCP.
  • Continuously refine and improve threat modeling processes, tools, and methodologies to stay ahead of evolving security challenges.
Desired Qualifications
  • Application Security Experience: Experience with application security practices, such as static analysis (SAST), dynamic analysis (DAST), and secure code reviews.
  • Security Tools & Automation: Familiarity with threat modeling tools (e.g., Microsoft Threat Modeling Tool, Threat Dragon), security testing tools (e.g., Burp Suite, Checkmarx), and cloud security posture management tools (e.g., Prisma Cloud, Aqua Security).
  • Incident Response & Forensics: Experience in supporting security incident response and conducting forensic investigations in cloud environments.
  • Programming / Scripting Skills: Proficiency in at least one programming or scripting language (e.g., Python, Go, Shell) for security automation and tooling is a plus.
Photon

Photon

View
Website

Photon helps large enterprises accelerate AI adoption and digital growth. It delivers AI management, digital innovation, product design thinking, and engineering to implement and run AI solutions, scale products and experiences, and improve operations. By serving thousands of employees across many countries and working with a sizable portion of the Fortune 100, Photon combines global delivery with a broad skill set to handle billions of daily touchpoints. Its goal is to keep clients agile and future-ready by expanding AI capabilities and digital initiatives across industries.

Company Size

N/A

Company Stage

N/A

Total Funding

N/A

Headquarters

London, United Kingdom

Founded

N/A

Simplify Jobs

Simplify's Take

What believers are saying

  • Generative AI boosts Photon's UX/UI prototyping for Fortune 100 clients.
  • Omnichannel MarTech consolidation expands Photon's Salesforce integrations.
  • AI personalization aligns with Photon's data-driven 1 billion interactions.

What critics are saying

  • Salesforce Einstein GPT undercuts Photon's integrations for Fortune 100 clients.
  • Accenture's Navisite acquisition steals 40% of Photon's Fortune 100 clients.
  • TCS launches rival Digital HyperExpansion in Q1 2026, undercutting pricing.

What makes Photon unique

  • Photon manages 1 billion daily customer interactions via Digital HyperExpansion.
  • Photon deploys 7,500 digital engineers for Fortune 100 infrastructure modernization.
  • Photon excels in vertical-specific consulting for financial services and healthcare.

Help us improve and share your feedback! Did you find this helpful?

Benefits

Health Insurance

Dental Insurance

Vision Insurance

401(k) Retirement Plan

Paid Vacation

Paid Holidays

Performance Bonus

Company News

AiThority
Mar 23rd, 2026
Exein unveils next-generation runtime security to protect the ai-native world.

Exein unveils next-generation runtime security to protect the ai-native world. * Photon blocks cyberattacks before execution across physical AI and IoT, autonomous AI agents and cloud and edge infrastructure * Kernel-level prevention sets a new standard beyond traditional user-space detection * Builds on Exein's position as the world's largest runtime security provider, protecting over two billion devices Mar 23, 2026 Prev Next 1 of 42,872 Exein, the global leader in runtime cybersecurity, unveiled Photon, a preemptive breakthrough solution that blocks cyberattacks at the point of execution. Designed for the AI-native world - where digital and physical systems are now inseparable - Photon marks a fundamental shift in how critical infrastructure protects itself. Unlike traditional cybersecurity solutions that detect threats after compromise - typically operating in user space and relying on a cloud network - Exein's Photon operates directly inside the kernel, preventing malicious execution paths before they can run. By blocking attacks before the point of execution, the technology dramatically reduces latency and eliminates entire classes of threats before damage occurs. If malicious instructions cannot execute, the attack itself cannot take place. This advancement establishes a new category of runtime security designed for systems that cannot be disconnected: physical AI and IoT environments, autonomous AI agents, and local hybrid cloud and edge infrastructure. In these environments, from industrial robotics and critical infrastructure to AI-driven platforms, downtime is not an option, and protection must be more precise and granular, blocking malicious threats without shutting down the entire process. The announcement at the RSA Conference (RSAC) comes as cyber threats increasingly target physical systems. Last month, the Munich Security Report 2026 warned that cyber operations are now engineered to cause real-world disruption, accelerating regulatory intervention after voluntary measures failed to address systemic vulnerabilities. At the same time, the speed of attacks is accelerating dramatically: recent threat intelligence shows average attacker 'breakout times' fell to just 29 minutes in 2025, 65% faster than the previous year, driven in part by AI-assisted automation. Protecting the digital and physical in the AI era Artificial intelligence is already capable of identifying vulnerabilities in software and infrastructure. In the near future, these models will not only detect weaknesses but exploit them autonomously to launch attacks at machine speed. As the scale and sophistication of these attacks grow, traditional runtime security systems that rely on detection alone will no longer be sufficient. Photon introduces a new model of preemptive runtime security designed for this AI-driven environment. Rather than detecting attacks after they begin, it prevents malicious execution paths from running in the first place, blocking threats in real time before they can impact the system. Unlike conventional security tools that operate in user space alongside the applications they protect, Photon operates directly within the kernel, the core of the operating system. By enforcing protection at this foundational layer, rather than merely detecting and stopping attacks, it prevents them from executing in the first place - all in real time. This marks a major milestone as physical and digital systems converge, positioning Photon as a new reference architecture for securing physical AI, agent AI and cloud and hybrid infrastructure. Gianni Cuozzo, Founder and CEO of Exein, said: "In a future where the world is infinitely connected with humanoid robots walking among Aithority, local LLMs powering intelligent edges, autonomous drones reshaping mobility, and billions of new autonomous systems bridging the digital and physical realms, preemptive runtime security represents the new generation of protection, built into the very DNA of every device from the ground up. "Exein was born to make this vision a reality: transforming every connected device into a fortress of security, forging the largest decentralised immune system for digital life - cross-vendor, cross-platform, and cross-system. We stand as the first line of defence between the boundless digital world and the physical one we live in, empowering manufacturers to build inherently safe innovations and already safeguarding over 2 billion devices worldwide."