1 to 25 of 26 Threat Modelling Jobs in London

SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling, and DevSecOps integration. Research emerging threats and recommend proactive mitigations. Provide mentoring, training, and security awareness support to internal teams. Essential Skills … risk-based security. Relevant certifications such as CISSP, CompTIA Security+, GIAC, or equivalent. Excellent documentation, communication, and stakeholder collaboration skills. Desirable Background in threat modelling or secure software design. Knowledge of ISO27001, Cyber Essentials Plus, or cloud security certifications. Experience in large-scale or regulated environments. What ...

. Youll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. We dont expect you to know everything … just to be curious, practical, and willing to dive in. What Youll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/ ...

implementing security architectures across enterprise IT and operational technology systems Collaborating with technical teams to integrate security into solution design and delivery Conducting threat modelling to identify vulnerabilities and define security requirements Managing security requirements throughout the system delivery and operational lifecycle Providing specialist security advice on: Risk … based and threat-based mitigation strategies Security frameworks such as NIST, ISO, CIS Authentication, authorisation, and protective monitoring best practices Developing strong working relationships with stakeholders, peers and teams Communicating complex technical concepts clearly to non-technical audiences Preparing written guidance, reports, and delivering impactful presentations Applying critical thinking ...

build-out of their cloud-native Infrastructure capability . Highly technical position where you will be responsible for not just assessing and threat modelling novel concepts and services to introduce across Security and the wider Tech functions; but leading in the actual design, configuration and implementation. Previous experience … most ambitious Tech Transformations for one of the most renowned Quant Finance firms in the UK. Responsibilities Perform hands-on security threat modelling, risk assessment and vulnerability remediation. Evaluate, architect, implement and support security focused tools and services. Work closely with Development teams to ensure security and privacy ...

testing frameworks The AI Security Engineer is responsible for securing AI platforms and systems against adversarial threats. The role focuses on technical security controls, threat modelling, red teaming, and continuous monitoring of AI systems. Focus of the role Design and implement security controls for AI and LLM systems … Perform AI-specific threat modelling and risk analysis Lead red team and blue team testing of AI platforms Conduct prompt injection and adversarial testing Knowledge & Experience Strong background in security engineering and cloud security Hands-on experience with AI red teaming and adversarial testing Familiarity with AI security ...

testing frameworks The AI Security Engineer is responsible for securing AI platforms and systems against adversarial threats. The role focuses on technical security controls, threat modelling, red teaming, and continuous monitoring of AI systems. Focus of the role Design and implement security controls for AI and LLM systems … Perform AI-specific threat modelling and risk analysis Lead red team and blue team testing of AI platforms Conduct prompt injection and adversarial testing Knowledge & Experience Strong background in security engineering and cloud security Hands-on experience with AI red teaming and adversarial testing Familiarity with AI security ...

IaaS, PaaS, SaaS, CASB, Zero Trust and micro-segmentation. Demonstrate a strong understanding of IAM including RBAC, ABAC, PAM, provisioning, compliance and SSO. Apply threat-modelling approaches including OWASP, PASTA, STRIDE, MITRE ATT&CK, threat intelligence and threat hunting. Desirable Experience Design and assure secure network … architectures and enterprise security solutions. Designing or assuring SOC operations, including monitoring and response. Overseeing penetration testing, vulnerability assessments and remediation lifecycle. Integrating threat intelligence into operations and strategic planning. Essential QualificationsCertified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)Security ClearanceSecurity Check (SC) Clearance is required. ...

client audit requests as they relate to AI use at the firm. Perform detailed security analysis of application architectures to provide assurance. Understand threat modelling and participate in major incidents responses with IAM and AI components. Review and approve the IAM components of solution designs. Collaborate with cloud ...

align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share … adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

Review ITHC outcomes, providing clear guidance and actionable remediation plans. Identify and assess security risks in proposed architectures, recommending mitigations and alternative solutions. Perform threat modelling, risk assessment, and security analysis for systems, applications, and infrastructure. Design proportionate security controls aligned to risk appetite, leveraging native cloud capabilities. ...

/CD and DevSecOps pipelines Secure containerised and Kubernetes-based environments Implement Infrastructure as Code and Policy as Code (Terraform, CloudFormation) Conduct cloud threat modelling, risk assessments and design reviews Ensure compliance with CIS, NIST, GDPR, PCI-DSS and ISO standards Collaborate with engineering, DevOps and security stakeholders ...

maintain security and cloud architecture patterns, principles, and standards Provide security and cloud input into solution designs, technical reviews, and delivery governance Support threat modelling, risk assessments, and security design reviews Advise on secure use of cloud-native services, data platforms, and AI-enabled services Ensure architectures align ...

cloud-compatible controls, templates, and "as code" modules. Collaborate with engineering teams to embed security into CI/CD, IaC, and DevSecOps pipelines. Lead threat modelling exercises and train non-security stakeholders in its application. About the requirements: Strong knowledge of industry frameworks (NIST CSF, ISO/ ...

multi-cloud security standards and reference blueprints (Azure Policy/Initiatives, AWS Control Tower, SCPs) Own security architecture patterns and contribute to HLDs, LLDs, threat models and risk assessments Set assurance and evidence requirements for internal teams and third-party suppliers Establish policy-as-code standards , including exception handling ...

technology environments. In this role, you will: Collaborate with solution and technical architects to define security architecture for advanced enterprise and operational systems. Lead threat modelling exercises and provide expert guidance on risk mitigation. Advise on security requirements through the full system lifecycle, including design, delivery, and operational ...

outcomes. About You We're looking for someone with a blend of technical expertise and delivery mindset: Hands-on application security experience: secure coding, threat modelling, SAST/DAST tooling. Strong knowledge of SDLC and CI/CD integration, with experience securing software throughout its lifecycle. Pragmatic, delivery ...

senior stakeholders, and leadership Experience aligning solutions to: Enterprise reference architectures Security principles, standards, and patterns 3. Governance, Risk & Regulatory Alignment Strong experience in: Threat modelling Security assessments feeding into design Ability to map: Policy control implementation evidence Experience designing solutions aligned to regulatory frameworks (explicitly mentions DORA … across: Security Infrastructure Platforms Application teams Acts as a security SME and consultant , not just a designer 5. Tooling & Documentation (Mandatory but Supporting) Architecture modelling tools: BizzDesign, Archi, UML (at least one) Delivery tooling: Jira (task & project management) Confluence (formal documentation) Excellent written documentation skills (this is strongly emphasised ...

experience with agents : LangChain, AutoGPT, CrewAI, or custom agent frameworks • Regulated industry background : Financial services, healthcare, or other domains with compliance requirements • Security/threat modelling expertise : Understanding of adversarial AI, prompt injection, or system security • Real-time systems experience : Trading systems, fraud detection, or other low-latency ...

blue-green), and infrastructure-as-code. Establish robust observability (metrics, logs, traces) and capacity/scale models for high-throughput, highly available services. Lead threat modeling, architecture reviews, and audit readiness for Tier 0 services; ensure security and privacy are embedded through the lifecycle. Mentor engineers, influence cross ...

Secure by Design discovery and assessment activities across digital services Identify security risks, constraints, and dependencies, and translate these into clear, prioritised recommendations. Facilitate threat modelling and risk workshops with multidisciplinary teams. Define pragmatic security control expectations aligned to service risk and context. Produce concise written outputs that ...

microservices (e.g., Kubernetes, Docker) Build and integrate security solutions for DevSecOps pipelines and collaborate with cross-functional teams to deploy them globally Perform threat modeling for cloud-based workloads and develop corresponding countermeasures Review and assess new third-party cloud and on-premises solutions to identify potential security risks … GitHub Hands-on experience with Infrastructure as Code (IaC) and Policy as Code (PaC) technologies, including Terraform and CloudFormation Demonstrated skills in cloud threat modeling and architectural assessment using tools like IriusRisk Strong knowledge of compliance benchmarks (e.g., CIS, GDPR, PCI-DSS, ISO standards) and industry cloud security standards ...

modules), and network segmentation for hybrid environments. DevSecOps: Integrating SAST/DAST tools into CI/CD pipelines and automating compliance checks. Security Documentation Threat Modeling: Using frameworks to identify risks in legacy-to-modern transitions. Security Control Sets: Defining controls for data encryption, access management, and audit logging … functional teams (developers, ops, risk owners) to align security with business objectives. Risk Appetite Management: Balancing security requirements with project timelines and budgetary constraints. Threat assessments and risk registers. Security Controls Statement of Applicability . Pre- and post-ITHC compliance reports. UK Government Experience: - Preferred to have 3 years ...

deep expertise in cybersecurity and practical experience in securing AI/ML systems. In this role, you will help clients navigate the rapidly evolving threat landscape of artificial intelligence. You will work across strategy, architecture, and hands-on technical analysis to design resilient systems for high-impact environments. … Responsibilities AI/ML Security Oversight: Evaluate and secure the entire AI lifecycle, including model governance, data pipelines, and deployment patterns. Threat Modeling: Conduct advanced security assessments and risk analysis across cloud, on-premise, and hybrid environments. Risk Mitigation: Advise clients on emerging AI risks such as prompt injection ...

security area to advance the business relative to the industry. Qualifications 6+ years of experience in vulnerability discovery/security engineering/application security Threat modeling experience of microservice architectures Experience working in a large cloud or software company Extensive research or experience with multiple classes of security bugs … Expertise in applying risk identification techniques to develop security solutions Experience and understanding of Cryptographic algorithms, standards, implementation and application Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software Experience working with large enterprise customers ...