25 of 25 Threat Modelling Jobs in Central London

technical expertise, strategic vision, and hands-on experience in building secure, AI-driven systems. As Director of Cybersecurity, you will oversee all aspects of our security architecture, operations, and threat intelligence functions—ensuring Nothreat’s platforms and clients remain resilient in an evolving threat landscape. You will also be expected to drive cross-functional collaboration across product, engineering … teams, and lead the execution of complex, high-impact security initiatives. Key Responsibilities Define and drive Nothreat’s cybersecurity strategy across product, infrastructure, and operations. Lead security architecture reviews, threat modeling, and secure development practices across engineering teams. Oversee the implementation and operation of security controls, incident response plans, and risk management frameworks. Work closely with the AI engineering …/ML systems, securing data pipelines, models, and associated infrastructure. Strong technical background in areas such as application security, cloud security (AWS/Azure), identity and access management, and threat detection. Proficiency with SIEM, SOAR, EDR, vulnerability management, and DevSecOps practices. Deep understanding of modern attack vectors, threat intelligence, and incident response processes. Experience with security frameworks and More ❯

and trade renewable-generation data Embed security & privacy requirements into solution designs, CI/CD pipelines and infrastructure as code, working closely with product squads and the DPO Drive threat-modelling, technical risk assessments, and STRIDE/PASTA analyses for new solar-plant builds, grid integration projects and SaaS platforms Act as lead architect on secure network topologies More ❯

lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

IR35: Inside Work structure: Remote 🔐 Key Responsibilities: Partner with engineering and architecture to define secure technical solutions Manage end-to-end project security across multiple applications Perform vulnerability testing, threat modelling, and risk assessments Maintain up-to-date security policies, standards, and best practices Communicate risks and mitigation strategies to senior stakeholders Translate business needs into effective security … years in security architecture or consulting in regulated environments Deep knowledge of secure SDLC, DevSecOps, cloud (Azure/AWS), and frameworks (OWASP, MITRE) Hands-on experience with vulnerability tools, threat modelling, and compliance (GDPR, HIPAA, PCI) Strong communication and stakeholder engagement skills Technical knowledge across .NET, Java, scripting (Python, PowerShell), APIs, and cryptography Nice to have: Certifications (CISSP More ❯

applications and cloud-native services within AWS. Develop and enforce DevSecOps principles by integrating security into CI/CD pipelines. Lead efforts in application security, including secure coding practices, threat modelling, and vulnerability assessments. Architect and manage IAM policies, roles, and permissions across AWS resources. Guide development teams on security best practices related to AWS security services such … in AWS security services, including IAM, KMS, GuardDuty, Security Hub, and AWS WAF. Strong understanding of Terraform, AWS CloudFormation, or similar. Hands-on experience with cloud security monitoring and threat detection. Familiarity with Kubernetes, AWS EKS, Docker. More ❯

Threat Modelling Engineer - GCP (Senior Associate, Technology) Job Description As a Senior Engineer - Threat Modelling you will be a part of a smart cross-functional team delivering digital business transformation solutions to our clients. This position entails an individual contributor role focused on Security Architecture and Threat Modelling, encompassing governance, evaluation of public cloud … Program Management, and Development teams are essential. The candidate will conduct technical architecture reviews to pinpoint security opportunities, identify exploitable threats, and propose mitigation strategies. Your Impact •Conduct thorough threat modeling exercises utilizing established methodologies and frameworks •Maintain a rigorous standard of excellence in identifying potential threats and specifying effective mitigation controls. •Manage the lifecycle of identified threats and … associated controls, ensuring timely updates and adjustments as necessary. •Deliver comprehensive threat models and related tasks within specified timeframes. •Offer constructive feedback, support, and suggestions for enhancing the existing threat modeling process. •Present findings and progress updates to senior leadership, team members, and relevant technical stakeholders. Qualifications We are seeking an ideal candidate with 8+ years of experience More ❯

days per week onsite in their Central London office), offering the chance to work at the forefront of AI innovation while owning key areas of security architecture, detection, and threat response. 🔐 The Opportunity: This is not your average Cyber Security role. My client operates in a highly complex, high-volume AI environment – think machine learning at scale, proprietary models … role ✔ Strong understanding of securing AI/ML environments – from data pipelines and training environments to model deployment ✔ Experience with cloud security (AWS/GCP preferred), IAM , SIEM , and threat modelling ✔ Knowledge of secure coding practices , container security (Docker/Kubernetes), and infrastructure as code ✔ Ability to collaborate cross-functionally with software engineers, ML researchers, and product teams More ❯

design by setting security needs and requirements to ensure alignment to L&G Security Policies and Standards, participating in Technology or Supplier selection as a security SME and applying threat and initial risk assessment approaches to select appropriate controls. Work with the Group wide Security Improvement Programme to ensure Group Functions services align with current Security requirements. 2. Security … Information Security broadly, knowledge of Access Control security, transportation security, secure architecture principles, cryptography and operational controls (such as back-ups, resilient design, anti-virus) are essential * Knowledge of Threat modelling, control frameworks and Risk assessment techniques (such as ISO2700x, COBIT, COSO, ITIL and NIST Cyber Security Framework) is desirable * Knowledge of Cloud Security practices is desirable Experience More ❯

a fast-growing FinTech that is reshaping the payments landscape. You will collaborate with engineering teams to build security into products from day one, focusing on secure cloud architecture, threat modelling, and risk management. This is not a hands-off role. You will be the go-to advisor for product teams, helping them understand risk, make informed security … assessments and drive a secure-by-design culture Collaborate with engineering teams on cloud-native architecture (GCP, AWS, Azure) Analyse vulnerabilities, prioritise risks, and manage remediation through Jira Lead threat modelling and architecture reviews Shape security tooling and process improvements What you will bring 3 to 5 years in Cyber Security, Product Security, or Secure Software Development Strong … knowledge of GCP (primary), AWS, Azure Experience with threat modelling, AppSec, and security in CI/CD pipelines Ability to communicate security concepts clearly and balance risk with business priorities A collaborative, pragmatic approach Why join Shape security at scale in a high-growth FinTech Work in a fast-paced, collaborative environment Salary £80,000 to More ❯

We are looking for a skilled Detection Engineer to join our Cyber Security team. In this role, you will be responsible for developing and maintaining high-fidelity threat detections across our security platforms. You’ll work at the intersection of threat intelligence, telemetry and security operations to build scalable, reliable and effective detection capabilities. Key Responsibilities Design, develop … and deploy detection logic across SIEM, EDR and cloud security platforms. Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance. Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness. Use Detection-as-Code principles to manage detection rules via version control, CI/CD … pipelines and automated testing frameworks. Reduce false positives through tuning, enrichment and contextual awareness. Skills 3+ years of experience in security operations, detection engineering, threat hunting, or a related Cyber Security field. Proficiency in query languages such as SPL (Splunk), KQL (Microsoft), Sigma, or similar. Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and More ❯

strategy that aligns with the firm's risk tolerance and regulatory requirements. Drive and prioritise high-impact initiatives, including cloud and infrastructure hardening, application security for proprietary systems, advanced threat detection and response, and safeguarding of crypto assets. Build, mentor, and retain a top-tier team of security engineers, fostering a culture of excellence and innovation. Lead the design … detection, and exploit simulation frameworks. Proficient in modern programming languages such as Python, Go, or Rust, with strong familiarity with micro services and distributed system architectures. Experienced in conducting threat modelling for high-value, low-latency trading platforms or digital asset custody systems. More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

work closely with architecture, DevOps, and engineering teams to embed robust security controls across the cloud estate. The ideal candidate will be a hands-on practitioner with experience in threat modelling, and a solid understanding of DevSecOps principles. Key Responsibilities: • Design, implement, and maintain security controls across GCP services • Lead threat modelling activities for new and … compliance initiatives across GCP environments • Monitor and respond to security incidents and vulnerabilities in GCP Skills & Experience Required: • Extensive hands-on experience with Google Cloud Platform (GCP) security services • Threat modelling experience in cloud-native environments • Strong knowledge of Google BigQuery, SQL, and data access governance • CISSP certification (or equivalent experience in cloud security) • Proven track record of More ❯

with ForgeRock IAM stack : PingGateway, PingAM, PingIDM, PingDS Advanced cloud security knowledge (AWS CLI, security controls, policies) Strong experience with PKI, HSMs, certificate lifecycle management Proficiency in penetration testing , threat modeling, and vulnerability management Automating security with GitLab CI/CD, Chef, AWS CLI Collaborating with CISO, engineering, and product teams on secure architecture Completion of ForgeRock 4xx-level More ❯

infrastructure. Reporting directly to the CTO, this is not a purely strategic or oversight role. You’ll be owning the security vision, building the roadmap, writing code, reviewing architecture, threat modelling, and automating at scale, while building a high-performance team around you. This is what you will own: Security Engineering Strategy Define and execute the security vision … Technical Execution Design and implement secure-by-default patterns in AWS, Kubernetes, CI/CD pipelines, and crypto-native systems. Own IaC scanning, secrets detection, and automated control implementation. Threat Modelling & Incident Readiness Lead technical reviews of high-value trading and custody systems. Translate threat intel into proactive engineering solutions. Cross-Functional Collaboration Work closely with Engineering More ❯

of Security Engineering and lead in the build-out of their cloud-native Infrastructure capability . Highly technical position where you will be responsible for not just assessing and threat modelling novel concepts and services to introduce across Security and the wider Tech functions; but leading in the actual design, configuration and implementation. Previous experience in Software Security … to put your stamp on one of the most ambitious Tech Transformations for one of the most renowned Investment Management firms in the UK. Responsibilities Perform hands-on security threat modelling, risk assessment and vulnerability remediation. Evaluate, architect, implement and support security focused tools and services. Work closely with Development teams to ensure security and privacy are built More ❯

global customers. Managing and securing containerized applications using Kubernetes, EKS, and ECS in production environments. Building and maintaining Infrastructure as Code using Terraform while embedding security best practices. Conducting threat modelling exercises to proactively identify and mitigate security risks across the platform. Collaborating with development teams to integrate security seamlessly into CI/CD pipelines and deployment processes. … S3, serverless technologies, and cloud-native security implementations. Proficiency with container orchestration platforms including Kubernetes, EKS, and ECS. Advanced Terraform skills for secure infrastructure provisioning and management. Experience with threat modelling methodologies and security risk assessment. Strong understanding of DevOps practices with security integration experience. This is a fantastic opportunity to shape security strategy within an innovative e More ❯

s data. You will work will engineering teams to create solutions that solve or remediate security problems. This will involve a range of activities, including (but not limited to) threat modelling, selection and configuration of DevSecOps tools, high-level and detailed security designs. Key Responsibilities: We are seeking a Senior Security Engineer who has experience in the design … and implementation of secure software. You should possess verifiable experience in: Strong technical knowledge - a comprehensive understanding of software engineering principles, system architecture, and contemporary development frameworks. Threat modeling, as well as the design and implementation of security controls (either in a cloud environment or on-premises). Familiarity with cryptographic primitives and protocols. Proficiency in at least one More ❯

other security product like Trivy Experience with cloud computing platforms such as Microsoft Azure A strong understanding of software development methodologies and practices Ability to Rapid Risk Assessment and Threat Modeling Other technical skills required: Azure Security Monitoring including Application Insights, and SIEM Excellent communication skills to guarantee stakeholder alignment and successful outcomes at all stages of Product delivery More ❯

security product like Trivy preferred Experience with cloud computing platforms such as Microsoft Azure A strong understanding of software development methodologies and practices Ability to Rapid Risk Assessment and Threat Modeling Other technical skills required: Azure Security Monitoring including Application Insights, and SIEM Excellent communication skills to guarantee stakeholder alignment and successful outcomes at all stages of Product delivery More ❯

in securing complex, cloud-first environments within a data-rich, high-scale business — helping protect critical infrastructure and client data across global platforms. What You’ll Be Doing Leading threat detection and incident response across GCP environments Building and refining cloud-native detections using Kusto Query Language (KQL) Driving security automation and Infrastructure-as-Code practices Enhancing cloud visibility … through effective logging, monitoring, and threat modelling Collaborating with SOC analysts, engineers, and data teams to secure workloads and services Performing proactive threat hunts and maturing detection logic over time Key skills and experience include: Cloud security expertise in Google Cloud Platform Hands-on experience with cloud-native tools (e.g., Defender for Cloud, GCP Security Command Center … Detection engineering using KQL, particularly with Microsoft Sentinel Familiarity with Kubernetes, Docker, and securing containerised services Understanding of Zero Trust Architecture, MITRE ATT&CK, and cloud threat models Experience with SOAR platforms and automation pipelines Scripting or programming skills (Python, PowerShell, Bash, etc.) Interviews are moving fast — apply now or reach out to learn more. More ❯

via pull requests. Conduct secure code reviews and provide clear remediation guidance to engineering teams. Embed automated security checks into CI/CD pipelines using existing AppSec tools. Perform threat modelling and contribute to secure design decisions. Develop PoCs to demonstrate risk and impact of discovered vulnerabilities. Requirements: 5+ years of hands-on experience in application security and More ❯