1 to 25 of 142 Threat Modelling Jobs in the UK

Architect) to support public sector digital and technology programmes by embedding security early in project lifecycles. The role focuses on defining security requirements, conducting threat modelling, and advising delivery teams on proportionate, technically sound security controls. You will work closely with technical design and delivery teams, operating independently … prem, and application environments. Key Responsibilities Draft and define security requirements aligned to the Cyber Assessment Framework (CAF) Facilitate and participate in group threat-modelling sessions with technical delivery teams Produce clear threat statements as outputs of threat-modelling activities Undertake independent research to: Identify ...

resilient to evolving cyber and information threats. Key Responsibilities Identify, interpret, and integrate security requirements throughout the product and system development lifecycle . Lead threat modelling and risk assessments , applying recognised frameworks such as ISO/IEC 27001, NIST 800-30/53, and ISO 31000. … configure industry-standard threat-modelling tools (e.g., STRIDE-based tools, attack-tree tooling). Provide expert advice on secure architectures, ensuring risks are understood, prioritised, and mitigated. Ensure compliance with MOD and HMG standards, including JSPs, Def Stan 05-138/05-139 , and ISN 23/ ...

early. You'll work closely with Software Development teams to ensure application-based vulnerabilities are understood, prioritised, and remediated effectively. You'll contribute to threat modelling, penetration testing, secure design reviews, and the continuous improvement of security testing methodologies. The role also plays a key part in enhancing … SECURITY SPECIALIST ESSENTIAL SKILLS: * Hands-on experience with static and dynamic application security testing tools * Strong understanding of OWASP principles and their use within threat modelling * Experience conducting and reporting on web application penetration testing * Knowledge of software development practices and common programming languages * Working knowledge ...

practices throughout the software development lifecycle, with a strong emphasis on 'shift-left' principles to embed security early in the process. You will facilitate threat modelling workshops to help product teams identify, assess, and mitigate potential threats. You will also collaborate closely with other functions within the CISO … Cloud serverless transformation projects. You will have the ability to work with infrastructure as code and understand complex architectures. You will Lead/facilitate threat modelling workshops with SMEs. Engage with key stakeholders to identify threats and recommend countermeasures. Participate in architectural reviews of Product cloud implementations against ...

Join Police Digital Service as NMC Senior Cyber Threat Hunter Read all the information about this opportunity carefully, then use the application button below to send your CV and application. - Hybrid/Wigan - starting salary £65,000pa About Police Digital Service and NMC At PDS, we empower UK policing … value for money. The National Management Centre (NMC) is a core part of Police Digital Service (PDS), providing 24/7/365 cyber threat detection, response, and risk management capabilities across UK policing. We help forces proactively understand and mitigate cyber risks at both national and local levels. ...

SAST, DAST, SCA) and work with developers to remediate findings. Support cloud security controls (primarily Azure, including cloud-native apps). Champion secure development, threat modelling, and DevSecOps integration. Research emerging threats and recommend proactive mitigations. Provide mentoring, training, and security awareness support to internal teams. Essential Skills … risk-based security. Relevant certifications such as CISSP, CompTIA Security+, GIAC, or equivalent. Excellent documentation, communication, and stakeholder collaboration skills. Desirable Background in threat modelling or secure software design. Knowledge of ISO27001, Cyber Essentials Plus, or cloud security certifications. Experience in large-scale or regulated environments. What ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

. Youll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. We dont expect you to know everything … just to be curious, practical, and willing to dive in. What Youll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/ ...

implementing security architectures across enterprise IT and operational technology systems Collaborating with technical teams to integrate security into solution design and delivery Conducting threat modelling to identify vulnerabilities and define security requirements Managing security requirements throughout the system delivery and operational lifecycle Providing specialist security advice on: Risk … based and threat-based mitigation strategies Security frameworks such as NIST, ISO, CIS Authentication, authorisation, and protective monitoring best practices Developing strong working relationships with stakeholders, peers and teams Communicating complex technical concepts clearly to non-technical audiences Preparing written guidance, reports, and delivering impactful presentations Applying critical thinking ...

lead in the build-out of their cloud-native Infrastructure capability. Highly technical position where you will be responsible for not just assessing and threat modelling novel concepts and services to introduce across Security and the wider Tech functions; but leading in the actual design, configuration and implementation. … most ambitious Tech Transformations for one of the most renowned Quant Finance firms in the UK. Responsibilities Perform hands-on security threat modelling, risk assessment and vulnerability remediation. Evaluate, architect, implement and support security focused tools and services. Work closely with Development teams to ensure security and privacy ...

build-out of their cloud-native Infrastructure capability . Highly technical position where you will be responsible for not just assessing and threat modelling novel concepts and services to introduce across Security and the wider Tech functions; but leading in the actual design, configuration and implementation. Previous experience … most ambitious Tech Transformations for one of the most renowned Quant Finance firms in the UK. Responsibilities Perform hands-on security threat modelling, risk assessment and vulnerability remediation. Evaluate, architect, implement and support security focused tools and services. Work closely with Development teams to ensure security and privacy ...

testing frameworks The AI Security Engineer is responsible for securing AI platforms and systems against adversarial threats. The role focuses on technical security controls, threat modelling, red teaming, and continuous monitoring of AI systems. Focus of the role Design and implement security controls for AI and LLM systems … Perform AI-specific threat modelling and risk analysis Lead red team and blue team testing of AI platforms Conduct prompt injection and adversarial testing Knowledge & Experience Strong background in security engineering and cloud security Hands-on experience with AI red teaming and adversarial testing Familiarity with AI security ...

testing frameworks The AI Security Engineer is responsible for securing AI platforms and systems against adversarial threats. The role focuses on technical security controls, threat modelling, red teaming, and continuous monitoring of AI systems. Focus of the role Design and implement security controls for AI and LLM systems … Perform AI-specific threat modelling and risk analysis Lead red team and blue team testing of AI platforms Conduct prompt injection and adversarial testing Knowledge & Experience Strong background in security engineering and cloud security Hands-on experience with AI red teaming and adversarial testing Familiarity with AI security ...

cryptography) Solid understanding of IAM concepts (RBAC, ABAC, PAM, SSO) Strong analytical skills with the ability to interpret complex technical information Good understanding of threat modelling and threat intelligence methodologies (OWASP, STRIDE, MITRE) For more details, please reach out to . Reasonable Adjustments: Respect and equality ...

IaaS, PaaS, SaaS, CASB, Zero Trust and micro-segmentation. Demonstrate a strong understanding of IAM including RBAC, ABAC, PAM, provisioning, compliance and SSO. Apply threat-modelling approaches including OWASP, PASTA, STRIDE, MITRE ATT&CK, threat intelligence and threat hunting. Desirable Experience Design and assure secure network … architectures and enterprise security solutions. Designing or assuring SOC operations, including monitoring and response. Overseeing penetration testing, vulnerability assessments and remediation lifecycle. Integrating threat intelligence into operations and strategic planning. Essential QualificationsCertified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)Security ClearanceSecurity Check (SC) Clearance is required. ...

IaaS, PaaS, SaaS, CASB, Zero Trust and micro-segmentation. Demonstrate a strong understanding of IAM including RBAC, ABAC, PAM, provisioning, compliance and SSO. Apply threat-modelling approaches including OWASP, PASTA, STRIDE, MITRE ATT&CK, threat intelligence and threat hunting. Desirable Experience Design and assure secure network … architectures and enterprise security solutions. Designing or assuring SOC operations, including monitoring and response. Overseeing penetration testing, vulnerability assessments and remediation lifecycle. Integrating threat intelligence into operations and strategic planning. Essential QualificationsCertified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)Security ClearanceSecurity Check (SC) Clearance is required. ...

client audit requests as they relate to AI use at the firm. Perform detailed security analysis of application architectures to provide assurance. Understand threat modelling and participate in major incidents responses with IAM and AI components. Review and approve the IAM components of solution designs. Collaborate with cloud ...

align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share … adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure ...

emerging threats and technologies, champion initiatives like Zero Trust and intelligence-led security, and continuously improve security posture. Hands-On Expertise: Conduct risk assessments, threat modelling, and gap analyses. Support incident management and security assurance activities. What We’re Looking For Proven experience as a Cyber Security Architect ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

/CD and DevSecOps pipelines Secure containerised and Kubernetes-based environments Implement Infrastructure as Code and Policy as Code (Terraform, CloudFormation) Conduct cloud threat modelling, risk assessments and design reviews Ensure compliance with CIS, NIST, GDPR, PCI-DSS and ISO standards Collaborate with engineering, DevOps and security stakeholders ...

Architect with enterprise architecture experience. Hands-on experience securing Azure environments (identity, network, platform, data security). Strong background in application security, secure SDLC, threat modelling, and real-world OWASP Top 10 mitigation. Confident presenting to CIOs, senior leadership, and clients, translating technical topics into business risk language. ...

Review ITHC outcomes, providing clear guidance and actionable remediation plans. Identify and assess security risks in proposed architectures, recommending mitigations and alternative solutions. Perform threat modelling, risk assessment, and security analysis for systems, applications, and infrastructure. Design proportionate security controls aligned to risk appetite, leveraging native cloud capabilities. ...

whether in the office or on the front line, plays a key part in this mission. Here’s how you will contribute... Perform a threat modelling exercise of all projects and provide mitigating cyber security requirements to help ensure the secure delivery of compliant systems, applications and business ...