1 to 25 of 161 Threat Modelling Jobs in England

Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts. You will work closely with engineering, and platform teams to integrate security into CI/CD pipelines … pipelines and development workflows. Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle Conduct secure code reviews and support developers in remediating findings. Threat Modelling & Architecture Review Lead threat modelling sessions using standard methodologies to identify design flaws Review application architectures to ensure alignment with security objectives and mitigation of … common threats. Maintain and update reference architectures based on threat modelling insights. Tooling & Automation Deploy and manage application security tools and integrate them with existing platforms. Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms. Governance & Compliance Ensure alignment with ISO 27001, FCA, and NIST standards. Contribute to audit readiness and support compliance automation platforms such More ❯

Architect to lead the design and implementation of enterprise-wide security architecture across a complex, regulated technology estate. This is a strategic, hands-on role focused on network security, threat modelling, and secure infrastructure design (not cyber operations). You'll work closely with senior stakeholders, infrastructure teams, and external auditors to ensure robust security across digital and … Pension, ~£3,500 Car Allowance Start Date : ASAP (Interviewing Now) Key Responsibilities Security Architecture : Develop and maintain security frameworks, models, and standards aligned with business goals and regulatory requirements. Threat Modelling : Conduct threat assessments for new applications and infrastructure, translating risks into actionable controls. Network Security : Design secure network architectures, segmentation strategies, and Firewall configurations. Governance & Compliance … a trusted advisor to senior leaders, translating technical risks into business insights. What You'll Bring Essential: 5+ years in IT solution development (architecture, infrastructure, cloud) Proven experience with threat modelling and security architecture Strong knowledge of NIS, NCSC CAF, and ISO27001 Experience working with external audit and certification bodies Familiarity with Agile, DevOps, and other SDLC methodologies More ❯

us embed secure-by-design thinking across the BBC. You'll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You'll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy. It's a high-trust role with real impact … InfoSec on shared tooling, templates and enablement. Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines. Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows. Review technical designs, proposals and code for alignment with security policies, architecture patterns and assurance requirements. Act … credibly - whether explaining risk trade-offs to a squad or feeding technical insight into an assurance board. It's a bonus if you've also: Facilitated or contributed to threat modelling sessions using frameworks like STRIDE or DFDs. Reviewed designs and code with a security lens and an eye for policy alignment. Navigated delivery in regulated, public service More ❯

strategy across infrastructure, applications, and data. Lead hands-on development of security roadmaps, maturity models, and control frameworks tailored to Fuse's risk profile. Directly contribute to architecture reviews, threat modelling sessions, and key design decisions across product and platform teams. Build and mentor a high-performing security team, including hiring, coaching, and managing performance. Develop KPIs and … data protection, access control, and insider risk. Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews of critical systems; design and deliver security awareness training programs for all employees to promote a culture of … proactive risk management. Build threat intelligence capabilities to stay ahead of emerging risks. Balance risk management with product and engineering velocity. Incident Response & Resilience Own response plans for high-severity threats and incidents. Build robust detection, containment, and remediation processes. Drive business continuity and disaster recovery strategy. Technology & Infrastructure Security Partner with engineering to embed security in the SDLC More ❯

architectural guidance for cryptographic key management, signing workflows, and secure APIs. Evaluate and enhance security of components related to digital asset management, identity systems, or transaction flows. Risk Management & Threat Modelling Conduct comprehensive threat modelling and risk assessments, especially around distributed or high-value transaction systems. Define controls for securing sensitive operations such as wallet integrations … off-chain/on-chain data flows, and internal tooling. Develop and manage internal threat intelligence processes to proactively identify and mitigate emerging risks. Security Operations & Incident Response Lead response to advanced threats and incidents, including analysis, containment, and remediation. Build and optimise detection mechanisms and playbooks for novel attack vectors, including abuse prevention and fraud detection. Governance, Compliance More ❯

part of our culture and success. How will you contribute? Secure SDLC Support : Assist in integrating security practices into the software development lifecycle, including design reviews and backlog grooming. Threat Modelling : Participate in structured threat modelling exercises with guidance from senior team members. Vulnerability Triage : Work with engineering teams to review findings from SAST, SCA, DAST … Experience working in SaaS, multi-tenant cloud environments. Knowledge of machine learning security (AI/ML model risks, LLM security best practices). Familiarity with attack surface management and threat intelligence. Relevant certifications (e.g., Security+, SSCP, GSEC) are a plus but not required. What do we offer? We value our people and offer a competitive salary along with company More ❯

Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support our Security Champions Assist in the execution of Threat Hunts, pentests and Threat Modelling … AWS Certified Security Familiarity with TCP/IP, DNS, firewalls, VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerability management practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with audit principles and different information security compliance standards More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing: Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

expertise to help security and engineering teams across the enterprise embed security into the product development lifecycles. This role is the key advisor on AppSec standards, secure development practices, threat modelling, and security tooling (e.g. SAST, DAST, SCA, IaC scanning, container security, etc.), ensuring consistency and maturity in how applications are built and maintained. By aligning teams with … e.g. vulnerability MTTR, scan coverage, risk acceptance trends) and report findings to leadership and the Global Cyber Council. Coordinate secure architecture reviews for critical application initiatives and provide consultative threat modelling support to large cross brand projects. Continuous Improvement & Innovation: Know the latest on emerging application security technologies, industry best practices, and threat trends. Evaluate new tools More ❯

Actively contribute to the adoption of secure by design practices, with technical delivery teams for both existing systems and new systems, e.g. use of internal or external guidance, leading Threat Modelling activity. Nurture the use of secure technical practices to deliver technical excellence. Support experimentation and innovation in solving problems Supervise third parties in their deliveries related to … Functional knowledge and experience 7+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred. Experience of enterprise architecture frameworks and their application Experience in threat modelling/design pattern development Proven Experience in designing and applying security controls into distributed systems (on premises and cloud) Thorough understanding of the latest security principles, techniques More ❯

engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Collaborative and detail-oriented, able to work across international teams and regulatory boundaries. Desired skills Experience supporting cybersecurity assurance within other EASA/… responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer More ❯

engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Experience Experience in cybersecurity, with at least 5 years focused on aerospace, defence, or regulated engineering environments. Proven track record of delivering security … responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer More ❯

engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Experience Experience in cybersecurity, with at least 5 years focused on aerospace, defence, or regulated engineering environments. Proven track record of delivering security … responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer More ❯

Drive the integration of security into every stage of the Software Development Lifecycle (SDLC). Design, implement, and manage security controls to ensure secure product design, development, and deployment. Threat Analysis and Mitigation : Collaborate with cross-functional teams to perform threat modelling, identify security risks, and implement effective countermeasures. Proactively assess the security posture of applications through … vulnerability scanning solutions. Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC). Technical Knowledge and Implementation experience: Direct experience with threat modelling, security reviews, and penetration testing. Proven ability to secure cloud-native architectures, containerization technologies, and Infrastructure as Code (IaC) environments. Familiarity with industry standards and frameworks such More ❯

to be the engineer that can dissect designs, model attack paths, and give hands-on examples to teams of what good looks like. On any given engagement you might threat model, assess pipelines, learn a DSL from a security vendor so that you can complete a proof of concept, or build toolkit to help your team. We don't … expect you to know it all. Responsibilities: Threat modelling & architecture reviews - break down new AWS-backed services, map trust boundaries, build attack trees, and define security requirements before a single line of code is merged. Security automation - write and maintain IaC-driven checks, custom Lambda/Step-Functions, CI/CD gates, and CSPM rules so that secure … About the candidate: Must-haves A minimum Bachelor's degree (2.1 or higher) is required in Computer Science, or in a Technology-related field Deep AWS internals knowledge Proven threat-modelling chops (STRIDE, attack-trees, or other methodologies ). Strong coding ability in at least one language (Python, Go, Rust, etc.). CI/CD security automation (GitHub More ❯

of applications. Collaborate with empowered teams to ensure secure design, development, implementation, and verification of applications. Provide remediation guidance and recommendations to developers and administrators. Participate in and advance threat modelling practices across the division. Help stakeholders make risk-based decisions. Train developers and create educational presentations. Develop tools and automation supporting responsibilities. What You Bring to The … identify threats. Excellent ability to communicate, verbally and in writing, complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management. Strong experience in threat modelling software systems. Certification in CISSP or CCSP, it's a plus. Strong problem-solving capabilities using various technologies. Capability to research a new topic and to learn More ❯

our continual information security strategy, joining us on our journey and developing yourself along the way. Why Join Us? Work with a talented team of security professionals in a threat-driven environment. Ability to help shape the future of our cyber defence capabilities across a wide and diverse range of businesses. Competitive compensation and benefits package. Flexible work environment … with opportunities for remote work and professional development. Key responsibilities: Reporting to the Director of Information Security & Information Technology, you will be responsible for: - Build and own Seniors threat intelligence strategy. Develop and own the threat management program with regular assessments, threat modelling, risk prioritisation and remediation activities. The individual will serve as a subject matter … expert incyber threat management, advising our various businesses on adversary activities, situational awareness and defensive actions. Designing tactical and strategic responses to emerging security threats Define, implement and manage our cyber threat capability working with our local IT teams, MSSP partners, vendors and other key stakeholders. Provide our IT teams with guidance on adversary intentions, objectives and potential More ❯

implement scalable security mechanisms and tooling across diverse customer environments and architectures. • Engage directly with CISOs, enterprise architects, and security executives to co-develop secure-by-design solutions. • Lead threat modelling, posture review, and detection design efforts targeting systemic risk. • Build automation and detection systems directly or in collaboration with engineering teams to reduce manual effort and accelerate … regulated or high-trust environments such as finance, energy, or government • Prior experience designing or contributing to security automation mechanisms at scale • Strong understanding of cloud-native security principles, threat modelling, and secure design patterns • Demonstrated ability to collaborate and deliver results across organisational and technical boundaries Amazon is an equal opportunities employer. We believe passionately that employing More ❯

Our Needs Fluent in English - both written and spoken Demonstrable experience as a Security Architect or similar role Strong knowledge of security standards, protocols, and best practices Experience with threat modelling, risk assessment, and incident response Familiarity with security tools (e.g., Snyk, OWASP ZAP) Excellent communication and collaboration skills Self-learner and ability to execute tasks without supervision … Ability to maintain the highest level of professionalism Activities Assess and design secure system architectures Define and enforce security policies and best practices Conduct threat modelling and risk assessments Collaborate with development teams to ensure secure coding practices Review and recommend security tools and technologies Respond to security incidents and perform root cause analysis Acquired Experiences and Demonstrable More ❯

drive awareness of security from the earliest stages of design through to deployment. You'll help integrate automated security tooling and checks into our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You'll also ensure that tools such as SAST, DAST, and SCA are effective and … in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud environments (especially AWS), containers, and microservices Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture Strong communicator who collaborates well with engineers and promotes secure-by-default practices We might not be right for you if: You More ❯

that requires a higher level of resolution. Assist with Problem and Change management support for the resolution of incidents. Proactively identify opportunities of improvement from a technical perspective. Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring Pre-requisites: Experience of 9-12 years in advanced security technologies Strong security More ❯