51 to 75 of 120 Threat Modelling Jobs in the UK

remediation tracking, and clear reporting aligned to regulatory expectations. Security Architecture & Change Enablement • Act as a security architect for projects and change initiatives. • Perform threat modelling where appropriate and define proportionate, practical controls across endpoints, cloud, identity, and data. Collaboration & Continuous Improvement • Partner with IT and Engineering teams ...

required. Bristol/Corsham access would be ideal. Key experience areas include: Security Architecture Secure by Design NCSC CAF/NIST/ISO27001 Threat modelling and risk assessment Cloud Security (AWS/Azure/GCP) Security assurance and accreditation activities Defence or wider Public Sector environments Strong stakeholder ...

with the highest security standards. Design and create secure Enterprise-Grade Architectures Across Cloud, Hybrid, and On-Prem Environments Conduct comprehensive risk assessments and threat modelling to proactively identify vulnerabilities and develop effective mitigation strategies Develop and maintain security policies and frameworks that adhere to industry standards such ...

identity management (e.g., Entra ID), and secure application development. Deliver clear cybersecurity advice to technical and non-technical stakeholders on Azure security best practices, threat protection, and compliance. Champion 'Secure by Design' across IT infrastructure, emphasizing Azure Defender, Sentinel, and application security controls. What were looking for Expertise … application security (e.g., OWASP, DevSecOps), and network segmentation. Strong knowledge of Azure-specific security tools (e.g., Azure Security Center, Key Vault, Policy, Private Link), threat modelling, secure SDLC, and assurance processes. Experience delivering "secure by design" in regulated sectors (e.g., finance, healthcare, critical infrastructure), including Azure compliance certifications ...

infrastructure security through Terraform-based infrastructure as code Automating security validation and policy enforcement using cloud-native tools and policy-as-code approaches Supporting threat modelling and secure design across engineering teams Managing vulnerability remediation workflows and ensuring issues are resolved within defined risk and compliance timelines Implementing … including IAM, networking and container security Experience integrating security controls into CI/CD pipelines (e.g. GitHub Actions) Practical exposure to vulnerability management and threat remediation processes Experience collaborating with SOC, cyber defence or enterprise security teams Understanding of modern application architectures and cloud-native systems Ability to adapt ...

change control procedures Experience designing or reviewing secure software supply chain and CI/CD security . Ability to interpret CVEs, CVSS scores, and threat intelligence feeds. Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non-specialists. Excellent written … technical security reports for assurance cycles Support compliance audit evidence packs (GovAssure/CAF, CE+, ISO 27001) Develop or update security standard documents (e.g. threat modelling, vulnerability mgmt) Support cyber input for IT, research or OT programmes Work with IT teams to co-author and test secure configuration ...

code reviews • Embed security into CI/CD pipelines and continuous delivery practices • Collaborate with engineering teams to ensure secure-by-design development • Lead threat modelling activities and articulate risks across systems and architectures • Guide adoption of security standards, frameworks, and compliance requirements • Mentor and develop junior engineers ...

Design Familiarity with: JSP440, JSP604/453, JSP490 Supplier Chain Assurance GDPR, PCI DSS, ICO ISO 27001, NIST CSF, CIS Controls v8 Skills in: Threat modelling (kill chain, attack trees, etc.) Cloud security (AWS, Azure), containerisation, firewalls Secure SDLC HLD/LLD review ITHC scoping and remediation Certifications ...

Design Familiarity with: JSP440, JSP604/453, JSP490 Supplier Chain Assurance GDPR, PCI DSS, ICO ISO 27001, NIST CSF, CIS Controls v8 Skills in: Threat modelling (kill chain, attack trees, etc.) Cloud security (AWS, Azure), containerisation, firewalls Secure SDLC HLD/LLD review ITHC scoping and remediation Certifications ...

Embed Secure by Design principles across system and solution delivery Conduct security design reviews and provide risk-based recommendations Support development of: Security architectures Threat models and risk assessments Security design documentation Ensure alignment with MOD and UK Government security standards Work with architects and delivery teams to integrate … Experience Proven experience implementing Secure by Design within MOD, Defence, or Government environments Strong background in security architecture and secure system design Experience conducting threat modelling and security risk assessments Knowledge of: NCSC Secure by Design guidance ISO 27001 or equivalent frameworks Secure SDLC methodologies Experience working within ...

security architecture for multiple ECUs, platforms, and vehicle programs, providing lifecycle support across concept, design, implementation, test, manufacturing, and production Own and sign off Threat Analysis and Risk Assessment (TARA) activities and associated cyber security work products for the domain Define cyber security architectures, concepts, and requirements covering: Platform … systems, and integration teams Support and review security verification, validation, and test activities, including penetration testing, vulnerability analysis, and remediation activities Lead and facilitate threat modelling and TARA workshops with engineering teams and Tier 1 suppliers Own and manage domain level vulnerability management, including risk triage and mitigation ...

business, regulatory and operational requirements Apply TOGAF, SABSA and ArchiMate across architecture artefacts and governance Design secure AWS, hybrid and cloud-native architectures Conduct threat modelling, risk assessments and security design reviews Define security patterns, standards and reference architectures Support assurance, governance, audit and secure-by-design delivery ...

Experience in these areas would be helpful: Previous experience in financial services or another regulated sector (FCA, PRA, etc.) Exposure to security architecture reviews, threat modelling, and risk assessments at pace Comfort working in a product-led agile delivery model during periods of significant business change Recognised professional ...

Experience in these areas would be helpful: Previous experience in financial services or another regulated sector (FCA, PRA, etc.) Exposure to security architecture reviews, threat modelling, and risk assessments at pace Comfort working in a product-led agile delivery model during periods of significant business change Recognised professional ...

deployment and tuning (Defender for Endpoint, CrowdStrike), Intune/Jamf device management, privileged access workstations, JIT/JEA models - API and application security: threat modelling (STRIDE/PASTA), OAuth 2.0/OIDC implementation review, secrets management (Key Vault, HashiCorp Vault), and secure SDLC integration - PKI, certificate lifecycle automation … automation and IaC: Python, PowerShell, Terraform, Bicep, or Sentinel analytics rules - you codify controls, you do not document them - MITRE ATT&CK coverage mapping; threat hunting, adversary emulation, and proactive gap analysis against realistic TTPs - Cloud infrastructure - Azure preferred, AWS considered; IAM, managed services, automated and auditable deployment pipelines ...

solution design. Key Responsibilities: Design and review security architectures for large-scale transformation programmes Provide security advisory across complex IT and digital initiatives Conduct threat modelling and identify risks across systems and solutions Advise on risk mitigation strategies and secure design patterns Support adoption of security frameworks ...

maintain security controls across network, identity, endpoint, application and data layers. Define and enforce IAM, network segmentation, encryption and key management strategies. Lead threat modelling, risk assessments and security design reviews. Infrastructure & Cloud Architect scalable, highly available infrastructure (compute, storage, networking) Lead cloud security and infrastructure architecture (Azure ...

Experienced in developing and managing Cyber Incident Response capabilities, including planning, implementation, and continuous improvement Proven experience designing and delivering Security Awareness programs, incorporating threat modelling, tabletop exercises, and war-gaming scenarios Desirable Skills & Experience Domain & Delivery Experience Experience working in both delivery and proposal environments Experience working ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false positives through tuning … understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents). Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis. Experience building and tuning correlation rules, searches, and dashboards. Familiarity with SOAR platforms and automation workflows. Security Knowledge ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false positives through tuning … understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents). Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis. Experience building and tuning correlation rules, searches, and dashboards. Familiarity with SOAR platforms and automation workflows. Security Knowledge ...

that will fundamentally change how their Application Security is Delivered within the SDLC. Early Phases of the Programme have already defined the Target Architecture, Threat Model & Prompt Engineering Strategy . The Next Stage is to Transform this Foundation into a Production - Grade Capability Used Daily by Engineering Teams , enabling … Agent Behaviours Policy Frameworks & Guardrails Tool Schemas & Execution Constraints Implement Protections Against: Prompt Injection Jailbreak Attempts Unsafe Tool Execution Ensure Alignment with Defined AASA Threat Model & Governance Standards Evaluation, Metrics & Assurance: Build & Maintain a Full Evaluation Framework , including: Golden Datasets & Regression Test Suites Precision/Recall Measurement for Vulnerability ...

driving the technical remediation follow-up. Cloud Security Guardrails : Provide hands-on security guidance for cloud platforms, specifically across Salesforce, Azure, and AWS. Threat Modelling : Act as the technical security authority within project streams, identifying threats early in the design phase. Required Technical Skills & Experience: Deep AppSec Background ...

Advising on secure design, risk, and compliance across complex IT estates Applying frameworks like ISO 27001, NIST, GDPR, PCI-DSS in real environments Running threat modelling and identifying architectural vulnerabilities Working closely with architects, engineers, and stakeholders to influence secure solutions Translating technical risk into clear business impact ...

logging, encryption, access control and network design Own security controls around package repositories, container images, third-party dependencies and base image standards Run threat modelling for new platform services, Kubernetes components and pipeline changes, converting findings into practical remediation work Partner with Security Operations to build detections ...

delivering an Information Security strategy in a way that balances risk reduction, business enablement and operational pragmatism Strong experience leading security risk assessments, threat modelling, incident management and remediation of security weaknesses in a structured, risk‐based way Significant experience managing external audits, customer assurance and recognised security ...