1 to 25 of 71 Threat Modelling Jobs in the UK excluding London

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

engineering teams to embed automated security testing and guardrails into development workflows. Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum-security requirements for applications and APIs. Partner with engineering, platform, and product teams to embed secure-by-design principles into … development team, providing hands-on technical leadership across design, development, and operation. Perform deep-dive security activities for the team, including threat modelling, code-level reviews, and vulnerability triage/remediation support. Oversee and coordinate third-party application security reviews, ensuring consistent assessment standards and effective risk management ...

risks and benefits of competing Security design options. Comfortable working on multiple challenging projects simultaneously. Mandatory skills Experience require with security consultancy delivery (e.g. threat modelling, secure design, driving decisions) Experience with cloud-native platforms and modern architectures Developing a more security-led perspective, rather than primarily infrastructure … practical application Gaining further exposure to security standards and regulatory frameworks (e.g. PCI DSS, data protection) Strengthening end-to-end security design capability (e.g. threat modelling, control coverage) Providing clearer examples of individual contribution and ownership in security decisions Any experience of these would be really useful Awareness ...

primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

architectures aligned to business and technical requirements. Collaborate with multidisciplinary teams to ensure security considerations are embedded across the entire delivery lifecycle. Conduct security threat modelling, risk assessments, and security architecture reviews for critical systems and services. Develop and maintain security reference architectures, standards, principles, and best practices. … Security Architect within Central Government, Defence, or highly regulated environments. Strong understanding of enterprise security architecture principles, methodologies, and frameworks. Hands-on experience performing threat modelling, security risk assessments, and secure solution assurance. Experience designing secure cloud and hybrid architectures using Microsoft Azure and/or AWS. Strong ...

architectures aligned to business and technical requirements. Collaborate with multidisciplinary teams to ensure security considerations are embedded across the entire delivery lifecycle. Conduct security threat modelling, risk assessments, and security architecture reviews for critical systems and services. Develop and maintain security reference architectures, standards, principles, and best practices. … Security Architect within Central Government, Defence, or highly regulated environments. Strong understanding of enterprise security architecture principles, methodologies, and frameworks. Hands-on experience performing threat modelling, security risk assessments, and secure solution assurance. Experience designing secure cloud and hybrid architectures using Microsoft Azure and/or AWS. Strong ...

standardise assessments across platforms. Conduct comprehensive platform security reviews (build systems, CI/CD pipelines, runtime infrastructure, developer tooling) against defined framework criteria. Perform threat modelling and gap analysis, identifying vulnerabilities and systemic risks impacting source code, artifacts, and workloads. Engineering Platform Security Enablement Establish standardised secure architecture … security controls. Strong knowledge and understanding of service mesh, cryptography, network security, application security, vulnerability management, and risk management. Demonstrable ability to conduct threat modelling, platform security assessments, and gap analysis. Experience building and implementing maturity models, frameworks, or roadmaps in complex enterprise environments. Strong stakeholder management skills ...

strong technical depth. Key Responsibilities: Define and implement secure architecture patterns across engineering platforms (CI/CD, build systems, runtime environments) Conduct security assessments, threat modelling, and gap analysis across platforms and pipelines Develop and embed DevSecOps best practices, including secure pipeline design and automated controls Establish …/CD pipelines, build tools, artifact repositories, and developer platforms Expertise in secure software delivery, vulnerability management, and platform security Experience with threat modelling, security frameworks, and maturity assessments Strong knowledge of application security, network security, and cloud security principles Excellent stakeholder management and communication skills Desirable: Experience ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

capabilities (eg SAST, DAST, SCA, container and cloud security tooling) Define and implement secure engineering standards, including secure coding, infrastructure-as-code security, and threat modelling practices Partner with Vulnerability Management and broader security teams to ensure effective identification, prioritisation, and remediation of risks in line with agreed … DevSecOps environments Experience embedding security into CI/CD pipelines (eg using AWS, Azure, or GitHub-based workflows) Strong knowledge of secure development practices, threat modelling, and vulnerability management Solid understanding of modern software engineering practices and cloud-native architectures Why Join? Be part of a long-term ...

capabilities (eg SAST, DAST, SCA, container and cloud security tooling) Define and implement secure engineering standards, including secure coding, infrastructure-as-code security, and threat modelling practices Partner with Vulnerability Management and broader security teams to ensure effective identification, prioritisation, and remediation of risks in line with agreed … DevSecOps environments Experience embedding security into CI/CD pipelines (eg using AWS, Azure, or GitHub-based workflows) Strong knowledge of secure development practices, threat modelling, and vulnerability management Solid understanding of modern software engineering practices and cloud-native architectures Why Join? Be part of a long-term ...

cloud infrastructures. Contribute to blogs and research within the Cyberfort community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling – Kill Chain – Attack tree analysis. Certifications: AWS/Azure Security Professional, CCSP, CISSP, CISM, CIISEC, UK Cyber Security Council registration (Chartered ...

candidate will report to the Head of Cyber Security and will lead the Security Engineering function, which covers Identity and Access Management, Cloud Security, Threat Modelling, and Application Security. This is a senior role that will shape Icelands security architecture and ensure that security is embedded … principles and technologies. Experience of working within a predominantly Microsoft environment. Expertise in cloud security (Microsoft Azure; AWS experience desirable). Ability to perform threat modelling and provide secure design guidance for projects and applications. Excellent communication and stakeholder engagement skills. Ability to influence and embed security practices ...

highly regulated defence environment. Key responsibilities: • Deliver Secure by Design and cyber security activities across the engineering lifecycle • Conduct cyber security risk assessments and threat modelling activities • Support development of security artefacts including RMADS, SyOPs, risk registers and security management documentation • Participate in Security Working Groups and stakeholder … experience required: • Experience working within defence, aerospace, aviation or highly regulated environments • Strong understanding of Secure by Design principles • Experience with security risk assessments, threat modelling and security assurance • Experience supporting security activities across the engineering lifecycle • Knowledge of MOD and industry security standards/frameworks such ...

security delivery across the engineering lifecycle Translate customer requirements into actionable security management plans and deliverables Conduct cyber and information security risk assessments and threat analysis Manage and escalate technical and delivery risks Support Security Working Groups and customer security workstreams Work closely with engineers, architects and developers … Experience with Def Stan 05-138/05-139 and aviation security standards including RTCA DO-326A/B Proven experience in threat modelling, vulnerability analysis and security risk assessment Ability to work independently and communicate effectively with customers and stakeholders Qualifications Degree in Cyber Security, Systems Engineering ...

part of a bigger team, working with a group of a Senior Security Architects and Digital Engineering stakeholders to produce security architecture artifacts, threat modelling, design assurance, and reusable patterns that strengthen the programme’s security posture. Key Responsibilities: You will lead and deliver core security architecture outputs … including: Digital Engineering Security Artifacts and Engagement Report Security Requirements Specification Security Principles Framework Infrastructure Mapping Document & Security Architecture Design Pack Threat Modelling Report Reusable Security Pattern Library Knowledge Transfer Pack (training materials, handover content, recorded walkthroughs) We are looking for someone with: Extensive Security Architecture/Security ...

embed security into lifecycle governance Define and implement a modern DevSecOps tooling strategy (CI/CD, SAST/DAST, SCM, automation) Drive secure coding, threat modelling, and supply chain security practices (SBOM, provenance, signing) Develop KPIs, metrics, and maturity models to track and continuously improve SDLC performance Build … NIST SSDF, OWASP SAMM/ASVS, ISO 27034) Strong understanding of modern engineering practices (Agile, CI/CD, cloud, automation) Expertise in application security, threat modelling, and secure coding standards Experience implementing tooling ecosystems (e.g. SAST, DAST, SCA, pipeline automation) A track record of influencing senior stakeholders ...

quickly. Own the code review culture and provide constructive, educational feedback that raises the bar for everyone. Embed secure coding practices across the team: threat modelling, security testing, and dependency management. Build observability into your systems from the start, covering instrumentation, logging, monitoring, and alerting, so that your … cloud infrastructure. Practical knowledge of cloud platforms (Azure/AWS) and containers (Docker/Kubernetes). Strong security fundamentals across OWASP, secure coding, threat modelling, and security testing. Proven ability to design scalable, maintainable architectures and evolve complex legacy systems. AI-Native Engineering Practice Demonstrable experience using ...

translate complex security risks into clear architectural decisions. A key aspect of the role is the ability to challenge existing designs, conduct architecture assurance, threat modelling, and risk analysis, and provide clear, practical security guidance that can be implemented by engineering teams. The position involves working in highly … methodical approach to problem solving, and the ability to consistently challenge assumptions by asking the right questions (“why” driven mindset). Strong experience in threat modelling, risk assessment, and security architecture assurance is expected, along with the ability to communicate effectively with both technical teams and senior stakeholders. ...

Threat & Adversarial AI Expert 6 Months Contract + Extension London Based 2 days in the office £500 to £600 a day Inside IR35 A pioneering financial institution is seeking an experienced Threat & Adversarial AI Expert to join their cybersecurity team. You will act as the primary architect … safety for the firm's generative AI ecosystem, ensuring agentic capabilities remain resilient against an evolving global threat landscape. As a Threat AI Expert, you will lead the organisation's Generative AI security strategy. Key responsibilities include: Advanced Threat Modelling: Leading structured sessions using STRIDE ...

IR35 Active SC Clearance Required Core Responsibilities Design and maintain secure architecture frameworks for enterprise systems across cloud, on-premises, and hybrid environments Conduct threat modelling, risk assessments, and security gap analyses across infrastructure and application layers Define and enforce security standards, reference architectures, and policy controls aligned ...

THROUGH UMBRELLA Role Description: "Core Responsibilities: Develop and maintain secure architecture frameworks for enterprise-grade systems, including cloud, on-premises, and hybrid environments Conduct threat modelling, risk assessments, and security gap analyses across infrastructure and application layers Define security standards, reference architectures, and policy controls based on industry … ensure secure software development lifecycles (SSDLC) Lead strategic initiatives in incident response planning, detection and mitigation strategies, and digital forensics Monitor advancements in threat intelligence and regulatory requirements, advising stakeholders on appropriate countermeasures Produce and maintain architectural documentation, ensuring traceability of security controls and compliance obligations Experience: Demonstrated experience ...