1 to 25 of 112 Threat Modelling Jobs in London

and Architecture: Develop and implement security strategies aligned with industry standards and best practices, ensuring all systems are secure by design. Risk Management: Assess risks, identify vulnerabilities, and create threat models for new and existing systems to prioritize security controls. Compliance and Governance: Ensure solutions comply with regulatory and organizational security standards (e.g., NIST, ISO 27001, GDPR). Solution More ❯

NIST, ISO 27001, CIS). Develop and maintain secure architectural patterns and standards, with a solid working knowledge of cloud security (AWS, Azure, GCP). Apply risk-based and threat-based approaches to evaluate and recommend appropriate and proportionate security technologies and solutions (e.g., SIEM, IAM, CASB, container security). Outline key security components, interfaces, and dependencies. Develop architectural … Document security design principles and provide rationale. Ensure designs align with business objectives, security policies, and industry best practices, with a focus on cloud-native security considerations. Risk and Threat Management: Conduct comprehensive risk assessments and threat modelling, providing detailed analysis and actionable recommendations. Advise clients on risk mitigation strategies and security best practices, and support the More ❯

expertise and excellence, working collaboratively across government to deliver holistic, customer centric cyber security services. This includes consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape. It is an exciting time to be part of our active and encouraging Cybersecurity and Architecture communities, working within HMRC and across HMG. As an Enterprise … TOGAF and SABSA and Framework adoption such as those in NIST 2.0. Security Tooling Roadmaps: Create detailed roadmaps for security tooling, incorporating vendor investment tracking, horizon scanning, and global threat landscape changes, and communicate these to stakeholders. Baseline Establishment and Design Patterns: Establish baselines for current security technologies and develop design patterns to support solution architects in implementing effective … DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. Cyber Security Operations More ❯

technical expertise, strategic vision, and hands-on experience in building secure, AI-driven systems. As Director of Cybersecurity, you will oversee all aspects of our security architecture, operations, and threat intelligence functions—ensuring Nothreat’s platforms and clients remain resilient in an evolving threat landscape. You will also be expected to drive cross-functional collaboration across product, engineering … teams, and lead the execution of complex, high-impact security initiatives. Key Responsibilities Define and drive Nothreat’s cybersecurity strategy across product, infrastructure, and operations. Lead security architecture reviews, threat modeling, and secure development practices across engineering teams. Oversee the implementation and operation of security controls, incident response plans, and risk management frameworks. Work closely with the AI engineering …/ML systems, securing data pipelines, models, and associated infrastructure. Strong technical background in areas such as application security, cloud security (AWS/Azure), identity and access management, and threat detection. Proficiency with SIEM, SOAR, EDR, vulnerability management, and DevSecOps practices. Deep understanding of modern attack vectors, threat intelligence, and incident response processes. Experience with security frameworks and More ❯

technical expertise, strategic vision, and hands-on experience in building secure, AI-driven systems. As Director of Cybersecurity, you will oversee all aspects of our security architecture, operations, and threat intelligence functions—ensuring Nothreat’s platforms and clients remain resilient in an evolving threat landscape. You will also be expected to drive cross-functional collaboration across product, engineering … teams, and lead the execution of complex, high-impact security initiatives. Key Responsibilities Define and drive Nothreat’s cybersecurity strategy across product, infrastructure, and operations. Lead security architecture reviews, threat modeling, and secure development practices across engineering teams. Oversee the implementation and operation of security controls, incident response plans, and risk management frameworks. Work closely with the AI engineering …/ML systems, securing data pipelines, models, and associated infrastructure. Strong technical background in areas such as application security, cloud security (AWS/Azure), identity and access management, and threat detection. Proficiency with SIEM, SOAR, EDR, vulnerability management, and DevSecOps practices. Deep understanding of modern attack vectors, threat intelligence, and incident response processes. Experience with security frameworks and More ❯

and trade renewable-generation data Embed security & privacy requirements into solution designs, CI/CD pipelines and infrastructure as code, working closely with product squads and the DPO Drive threat-modelling, technical risk assessments, and STRIDE/PASTA analyses for new solar-plant builds, grid integration projects and SaaS platforms Act as lead architect on secure network topologies More ❯

and trade renewable-generation data Embed security & privacy requirements into solution designs, CI/CD pipelines and infrastructure as code, working closely with product squads and the DPO Drive threat-modelling, technical risk assessments, and STRIDE/PASTA analyses for new solar-plant builds, grid integration projects and SaaS platforms Act as lead architect on secure network topologies More ❯

across technology, data sciences, consulting, and customer obsession to accelerate our clients' businesses through designing the products and services their customers truly value. Job Description As a Senior Engineer - Threat Modelling, you will be part of a cross-functional team delivering digital business transformation solutions to our clients. This role focuses on Security Architecture and Threat Modelling … Collaboration with Engineering, Information Security, Program Management, and Development teams is essential. You will conduct technical architecture reviews to identify security opportunities, threats, and mitigation strategies. Your Impact Conduct threat modeling exercises using established methodologies. Identify potential threats and specify mitigation controls. Manage the lifecycle of threats and controls, ensuring updates. Deliver threat models within deadlines. Provide feedback … to improve threat modeling processes. Present findings to leadership and stakeholders. Qualifications Your Skills & Experience We seek candidates with experience in: Proficiency in GCP (essential) Security architecture principles, frameworks, and best practices Threat modeling methodologies like MITRE ATT&CK, STRIDE, PASTA Cybersecurity experience of 5+ years Security practices including authentication, authorization, logging, encryption, infrastructure security, network segmentation Knowledge More ❯

innovative team. The Security Engineer will play a crucial role in enhancing our information security and privacy posture by engaging with engineering and operations teams to perform security reviews, threat modeling, and other critical security activities. This role requires a deep understanding of information security principles, a strong technical background, and the ability to collaborate effectively across various teams. … is integrated into the secure software development lifecycle (SSLDC). Conduct comprehensive security reviews of software applications and systems to identify potential vulnerabilities and security gaps. Build and maintain threat models for new and existing applications, ensuring that all potential attack vectors are identified and mitigated. Develop and maintain security automation scripts and tools, such as SAST/DAST … PCI DSS, and GDPR knowledge, experience, and qualifications are highly desirable. At least 5 years of relevant industry experience in information security, with a focus on security architecture and threat modeling. Proven experience in performing security reviews, threat modeling, and risk assessments; strong understanding of information security principles, including confidentiality, integrity, and availability. Experience with security tools and More ❯

lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards More ❯

applications/projects from inception through delivery. Ensure security controls are effectively embedded throughout the SDLC. Maintain up-to-date InfoSec policies and technical security standards. Conduct vulnerability assessments, threat modelling, and architecture reviews. What You’ll Bring Strong ability to translate technical risk into clear, actionable business terms. Hands-on experience with secure DevOps pipelines and development … development in .NET, Java, Python, PowerShell, or Bash. Knowledge of tools like SIEM, SOAR, IDS, WAF, vulnerability management platforms. Experience with UI, API, microservices security patterns and cryptographic principles. Threat modelling and dynamic security testing skills. Background in business analysis or requirements engineering. More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ) Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

and proactive risk reduction initiatives Advocate for secure development practices - from CI/CD pipelines to containerised workloads - ensuring that friction is addressed with empathy and practical value Apply threat modelling frameworks to uncover vulnerabilities and recommend architecture-level mitigation strategies Work directly with developers and infrastructure teams to align real-world engineering goals with enterprise security objectives … systems within cloud-native environments (AWS or Azure) Comfortable developing IaC (Terraform or similar), automating security controls, and contributing to secure infrastructure practices Strong understanding of modern security principles, threat actor behaviour, and risk frameworks (NIST preferred) Skilled in collaborating with developers to find practical, low-friction ways to implement secure patterns Confident communicator across technical and non-technical … teams, with the ability to influence architecture-level decisions Deep familiarity with secure development tooling, infrastructure design, and threat modelling practices Background in highly regulated environments such as financial services, insurance, or pensions (Preferred) Degree in a related field and/or certifications such as CISSP, CISM, or equivalent (Preferred) Experience contributing to architectural governance, documentation, and change More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

this is inside I35. Key Responsibilities: Lead security design and architecture across applications and projects. Ensure alignment of security solutions with business needs and regulatory standards. Conduct risk assessments, threat modelling, and vulnerability testing. Communicate risks and mitigation strategies to senior stakeholders. Work with DevOps teams on secure development pipelines. What We’re Looking For: 5+ years’ experience More ❯

under the CHECK scheme (e.g., as a CHECK Team Member/Leader). Knowledge of UK public sector security and data protection standards (e.g., NCSC, Cyber Essentials Plus). Threat modelling and secure design practices. Cyber Security Engineer - London (Hybrid) - £700 per day inside IR35 - 4 months+ Damia Group Limited acts as an employment agency for permanent recruitment More ❯

with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage confidently with both engineers and More ❯

and security roadmap. Manage information security projects and initiatives across IT and business units. Collaborate with senior leadership to align security goals with business objectives. Lead risk assessments and threat modelling exercises for internal systems and third-party services. Manage the deployment and maintenance of security solutions (SIEM, firewalls, endpoint protection, DLP, etc.). Oversee the organization's More ❯

applications. Deploy and Manage Security Tooling: Select, implement, and operate key tools across GCP , such as Cloud Armor , Cloud Identity , Security Command Center , and VPC Service Controls for ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development lifecycle. Threat Modeling and Risk … Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on cloud and application security fundamentals. Mentor and Lead: Act as a mentor to future hires, helping scale a high-impact cloud security function as the business grows. What you'll bring … with core cloud security components including IAM , WAFs , SIEM , CSPM , and vulnerability scanners. Technical Skills: Proficiency in at least one scripting or programming language (e.g. Python, Go, Bash). Threat Modeling: Practical knowledge of frameworks like STRIDE and PASTA. Education: Bachelor's degree in Computer Science, Information Security, or a related technical field. Collaborative Expertise: Clear and effective communication More ❯