1 to 25 of 310 Threat Modelling Jobs in the UK

and Architecture: Develop and implement security strategies aligned with industry standards and best practices, ensuring all systems are secure by design. Risk Management: Assess risks, identify vulnerabilities, and create threat models for new and existing systems to prioritize security controls. Compliance and Governance: Ensure solutions comply with regulatory and organizational security standards (e.g., NIST, ISO 27001, GDPR). Solution More ❯

systems. The Security Architect will draw upon Enterprise Security Architecture or Security Solutions Architecture to: - Identify business objectives, user needs, risk appetite and cyber security obligations - Identify vulnerabilities, perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls - Verify and evidence alignment to 'Secure by Design' principles, corporate security policy/standards as well as industry … Contribute to a reference architecture of established patterns, principles and guidelines Research emerging technologies, new products and be able to position these in a coherent manner against the developing threat landscape and client risk appetite Ability to distil complex information and concepts into key discussion points that identifies a path to resolution rather than only the identification of challenges … native security capabilities and good practice within Cloud platforms (AWS and/or Microsoft Azure) In-depth knowledge of modern security concepts, common attack vectors, malware, security analytics and threat intelligence. A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE) Experience working with security standards such as ISO More ❯

NIST, ISO 27001, CIS). Develop and maintain secure architectural patterns and standards, with a solid working knowledge of cloud security (AWS, Azure, GCP). Apply risk-based and threat-based approaches to evaluate and recommend appropriate and proportionate security technologies and solutions (e.g., SIEM, IAM, CASB, container security). Outline key security components, interfaces, and dependencies. Develop architectural … Document security design principles and provide rationale. Ensure designs align with business objectives, security policies, and industry best practices, with a focus on cloud-native security considerations. Risk and Threat Management: Conduct comprehensive risk assessments and threat modelling, providing detailed analysis and actionable recommendations. Advise clients on risk mitigation strategies and security best practices, and support the More ❯

expertise and excellence, working collaboratively across government to deliver holistic, customer centric cyber security services. This includes consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape. It is an exciting time to be part of our active and encouraging Cybersecurity and Architecture communities, working within HMRC and across HMG. As an Enterprise … TOGAF and SABSA and Framework adoption such as those in NIST 2.0. Security Tooling Roadmaps: Create detailed roadmaps for security tooling, incorporating vendor investment tracking, horizon scanning, and global threat landscape changes, and communicate these to stakeholders. Baseline Establishment and Design Patterns: Establish baselines for current security technologies and develop design patterns to support solution architects in implementing effective … DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. Cyber Security Operations More ❯

expertise and excellence, working collaboratively across government to deliver holistic, customer centric cyber security services. This includes consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape. It is an exciting time to be part of our active and encouraging Cybersecurity and Architecture communities, working within HMRC and across HMG. As an Enterprise … TOGAF and SABSA and Framework adoption such as those in NIST 2.0. Security Tooling Roadmaps: Create detailed roadmaps for security tooling, incorporating vendor investment tracking, horizon scanning, and global threat landscape changes, and communicate these to stakeholders. Baseline Establishment and Design Patterns: Establish baselines for current security technologies and develop design patterns to support solution architects in implementing effective … DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. Cyber Security Operations More ❯

expertise and excellence, working collaboratively across government to deliver holistic, customer centric cyber security services. This includes consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape. It is an exciting time to be part of our active and encouraging Cybersecurity and Architecture communities, working within HMRC and across HMG. As an Enterprise … TOGAF and SABSA and Framework adoption such as those in NIST 2.0. Security Tooling Roadmaps: Create detailed roadmaps for security tooling, incorporating vendor investment tracking, horizon scanning, and global threat landscape changes, and communicate these to stakeholders. Baseline Establishment and Design Patterns: Establish baselines for current security technologies and develop design patterns to support solution architects in implementing effective … DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. Cyber Security Operations More ❯

technical expertise, strategic vision, and hands-on experience in building secure, AI-driven systems. As Director of Cybersecurity, you will oversee all aspects of our security architecture, operations, and threat intelligence functions—ensuring Nothreat’s platforms and clients remain resilient in an evolving threat landscape. You will also be expected to drive cross-functional collaboration across product, engineering … teams, and lead the execution of complex, high-impact security initiatives. Key Responsibilities Define and drive Nothreat’s cybersecurity strategy across product, infrastructure, and operations. Lead security architecture reviews, threat modeling, and secure development practices across engineering teams. Oversee the implementation and operation of security controls, incident response plans, and risk management frameworks. Work closely with the AI engineering …/ML systems, securing data pipelines, models, and associated infrastructure. Strong technical background in areas such as application security, cloud security (AWS/Azure), identity and access management, and threat detection. Proficiency with SIEM, SOAR, EDR, vulnerability management, and DevSecOps practices. Deep understanding of modern attack vectors, threat intelligence, and incident response processes. Experience with security frameworks and More ❯

technical expertise, strategic vision, and hands-on experience in building secure, AI-driven systems. As Director of Cybersecurity, you will oversee all aspects of our security architecture, operations, and threat intelligence functions—ensuring Nothreat’s platforms and clients remain resilient in an evolving threat landscape. You will also be expected to drive cross-functional collaboration across product, engineering … teams, and lead the execution of complex, high-impact security initiatives. Key Responsibilities Define and drive Nothreat’s cybersecurity strategy across product, infrastructure, and operations. Lead security architecture reviews, threat modeling, and secure development practices across engineering teams. Oversee the implementation and operation of security controls, incident response plans, and risk management frameworks. Work closely with the AI engineering …/ML systems, securing data pipelines, models, and associated infrastructure. Strong technical background in areas such as application security, cloud security (AWS/Azure), identity and access management, and threat detection. Proficiency with SIEM, SOAR, EDR, vulnerability management, and DevSecOps practices. Deep understanding of modern attack vectors, threat intelligence, and incident response processes. Experience with security frameworks and More ❯

development of products and services during the SDLC Provide guidance and support during development and rollout of new product features by understanding their requirements and model/evaluate likely threat vectors Provide security expertise and guidance to the Development Teams Promote a security-focused culture as part of the SDLC, educating DevOps teams in security best practices Conduct/… Lead threat modelling and security design activities alongside Dev/Engineering Teams Work with 3rd parties to support vulnerability and penetration testing Process reports from external penetration testing vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks Skills: Software engineering background is a must with knowledge of Application Security Frameworks e.g. OWASP … SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of application security awareness, including the security of web applications Experience with risk management activities - identifying, assessing and providing remediation options for application and technology risks Knowledge of Agile More ❯

and trade renewable-generation data Embed security & privacy requirements into solution designs, CI/CD pipelines and infrastructure as code, working closely with product squads and the DPO Drive threat-modelling, technical risk assessments, and STRIDE/PASTA analyses for new solar-plant builds, grid integration projects and SaaS platforms Act as lead architect on secure network topologies More ❯

and trade renewable-generation data Embed security & privacy requirements into solution designs, CI/CD pipelines and infrastructure as code, working closely with product squads and the DPO Drive threat-modelling, technical risk assessments, and STRIDE/PASTA analyses for new solar-plant builds, grid integration projects and SaaS platforms Act as lead architect on secure network topologies More ❯

also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities: Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and …/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge of secure development practices, penetration testing, and vulnerability assessments. Ability to communicate security risks and strategies to technical and non-technical stakeholders. Experience in incident More ❯

also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities: Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and …/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge of secure development practices, penetration testing, and vulnerability assessments. Ability to communicate security risks and strategies to technical and non-technical stakeholders. Experience in incident More ❯

Collaborate with IT, cloud, and cybersecurity teams to ensure secure integration across systems and applications. Lead architectural reviews and assurance of designs working with System Integrators & partner resources. Conduct threat modeling and risk assessments on network infrastructure and recommend mitigations. Support incident response teams during network-related security incidents and perform root cause analysis. Evaluate and recommend security tools … IPS/IDS, and SD-WAN. Understanding of Zero Trust Architecture, microsegmentation, and secure cloud networking (e.g., Azure, AWS, GCP). Experience with security information and event management (SIEM), threat intelligence, and vulnerability management. Excellent communication and documentation skills, with the ability to influence and educate stakeholders. Relevant certifications strongly preferred (e.g., CISSP, CCNP Security, CCIE Security, GIAC, Azure More ❯

across technology, data sciences, consulting, and customer obsession to accelerate our clients' businesses through designing the products and services their customers truly value. Job Description As a Senior Engineer - Threat Modelling, you will be part of a cross-functional team delivering digital business transformation solutions to our clients. This role focuses on Security Architecture and Threat Modelling … Collaboration with Engineering, Information Security, Program Management, and Development teams is essential. You will conduct technical architecture reviews to identify security opportunities, threats, and mitigation strategies. Your Impact Conduct threat modeling exercises using established methodologies. Identify potential threats and specify mitigation controls. Manage the lifecycle of threats and controls, ensuring updates. Deliver threat models within deadlines. Provide feedback … to improve threat modeling processes. Present findings to leadership and stakeholders. Qualifications Your Skills & Experience We seek candidates with experience in: Proficiency in GCP (essential) Security architecture principles, frameworks, and best practices Threat modeling methodologies like MITRE ATT&CK, STRIDE, PASTA Cybersecurity experience of 5+ years Security practices including authentication, authorization, logging, encryption, infrastructure security, network segmentation Knowledge More ❯

part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations … possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion the adoption and adherence to our InfoSec policy, standards, and guidelines. Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats. Incident Response: You … Management (CSPM) tools. Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines. Working knowledge of DevSecOps methodologies. Ability to contribute to cloud solution threat modelling and secure design reviews. A bit about you: Passion! You're genuinely passionate about your career path and love what you do. Communication skills. You can express More ❯

part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations … possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion the adoption and adherence to our InfoSec policy, standards, and guidelines. Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats. Incident Response: You … CSPM) tools. Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines. Working knowledge of DevSecOps methodologies . Ability to contribute to cloud solution threat modelling and secure design reviews. A bit about you: Passion! You're genuinely passionate about your career path and love what you do. Communication skills. You can express More ❯

information risk management processes. They are the thought leader on all matters within the security and compliance domain such that the company remains secure against the ever-changing security threat and compliance landscape. Information Security Strategy Create and maintain the Company's strategy, ensuring alignment to the Company's strategy and business goals. Work across internal and external stakeholders … capability, both technical and operational, and propose remediation and mitigation plans and solutions. Responsible for the Company's information security capability, ensuring it remains secure against an ever-changing threat landscape. Operational Input Contribute to design and architectural decisions and improve the approach to the Company's threat modelling. Lead on information security incidents and work directly with … internal teams and external parties on containment and mitigation activities. Execute threat simulations. Assess emerging and potential security threats and act proactively to mitigate relevant threats. End-to-end vulnerability management. Manage the security toolset. Act as the security "face" of Sycurio to its customers, suppliers, and auditors, supporting both in-life and sales engagements. Manage and participate in More ❯

innovative team. The Security Engineer will play a crucial role in enhancing our information security and privacy posture by engaging with engineering and operations teams to perform security reviews, threat modeling, and other critical security activities. This role requires a deep understanding of information security principles, a strong technical background, and the ability to collaborate effectively across various teams. … is integrated into the secure software development lifecycle (SSLDC). Conduct comprehensive security reviews of software applications and systems to identify potential vulnerabilities and security gaps. Build and maintain threat models for new and existing applications, ensuring that all potential attack vectors are identified and mitigated. Develop and maintain security automation scripts and tools, such as SAST/DAST … PCI DSS, and GDPR knowledge, experience, and qualifications are highly desirable. At least 5 years of relevant industry experience in information security, with a focus on security architecture and threat modeling. Proven experience in performing security reviews, threat modeling, and risk assessments; strong understanding of information security principles, including confidentiality, integrity, and availability. Experience with security tools and More ❯

delivery of critical systems that protect citizens and national interests. Working with the Principal Security Architect, you will own security architecture for a major portfolio, translate business goals and threat intelligence into practical controls, and mentor SEO level architects to raise capability across multiple programmes. You will engage senior stakeholders, balance risk against usability and cost, and shape patterns … user centred delivery. You will analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring. By modelling risks with frameworks such as ISO 27005, NIST, or STRIDE, you will justify design choices to technical and non technical audiences and document them for re use. What You … Security Architect strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling/pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless More ❯

data pipelines. Participate in enterprise-wide architecture initiatives for AI/ML. Understand the workflow and pipeline architectures of ML and deep learning workloads. Conduct security risk assessments and threat modelling for AI/ML and other business projects performed thorough design reviews and security assessments of architectures and designs, identifying vulnerabilities, threats, and risks, and providing recommendations … common security vulnerabilities and threats specific to AI/ML, including adversarial attacks, prompt injection, data poisoning and the MITRE ATLAS framework. Hands on experience using security assessment and threat modelling tools and techniques to evaluate AI/ML systems and identify potential security weaknesses. Familiarity with current and emerging regulations and standards, such as the EU AI More ❯

lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards More ❯

e.g., XSS, SSRF, CSRF, CORS, SQL Injection, broken authentication/authorization, encryption flaws). Provide expert guidance on secure coding practices, common vulnerability classes (e.g., OWASP Top 10), and threat modeling for modern web applications. Conduct security reviews of design and architecture documents; lead threat modeling exercises using frameworks such as STRIDE, PASTA, MITRE ATT&CK, and DREAD. … Build and refine detection and response capabilities using logs, alerts, and behavioral signals. Lead or support incident response activities, including log analysis, querying, forensic investigation, threat mitigation, and root cause analysis. Conduct internal security reviews, network scans, and targeted penetration tests of applications and infrastructure using common security tooling (e.g., Burp Suite, ZAP, Amass, Nmap). Assess and mitigate … Django, Node.js , React). Expert-level scripting and automation skills (e.g., Python, Bash, PowerShell) for workflow automation, tooling, and log analysis. Proficient in log analysis, SIEM usage/configuration, threat hunting, and querying tools to support detection and response. Familiarity with static and dynamic analysis techniques and vulnerability mitigation. Strong understanding of modern cloud platforms-especially AWS-and cloud More ❯

applications/projects from inception through delivery. Ensure security controls are effectively embedded throughout the SDLC. Maintain up-to-date InfoSec policies and technical security standards. Conduct vulnerability assessments, threat modelling, and architecture reviews. What You’ll Bring Strong ability to translate technical risk into clear, actionable business terms. Hands-on experience with secure DevOps pipelines and development … development in .NET, Java, Python, PowerShell, or Bash. Knowledge of tools like SIEM, SOAR, IDS, WAF, vulnerability management platforms. Experience with UI, API, microservices security patterns and cryptographic principles. Threat modelling and dynamic security testing skills. Background in business analysis or requirements engineering. More ❯

applications/projects from inception through delivery. Ensure security controls are effectively embedded throughout the SDLC. Maintain up-to-date InfoSec policies and technical security standards. Conduct vulnerability assessments, threat modelling, and architecture reviews. What You’ll Bring Strong ability to translate technical risk into clear, actionable business terms. Hands-on experience with secure DevOps pipelines and development … development in .NET, Java, Python, PowerShell, or Bash. Knowledge of tools like SIEM, SOAR, IDS, WAF, vulnerability management platforms. Experience with UI, API, microservices security patterns and cryptographic principles. Threat modelling and dynamic security testing skills. Background in business analysis or requirements engineering. More ❯