Leeds, Yorkshire, United Kingdom Hybrid / WFH Options
PSR Limited
commercial awareness, assessing supplier proposals and driving cost-effective security solutions. Ability to integrate security with software innovation while ensuring adherence to organisational standards. Expertise in security methodologies, including threat modelling and risk assessment. Deep understanding of technology trends and industry standards in information security. Proven track record of delivering security-focused assets, including incident reports, secure coding
Sheffield, England, United Kingdom Hybrid / WFH Options
HSBC
the risk and control portfolio related to the services Cybersecurity Assessment and Testing (CSAT) provides to the Group. CSAT oversees Vulnerability Management, Application Security, Penetration Testing and Red Teaming, Threat Modelling and other related services. You will be a leader within the GCIO Chief Control Office (GCIO CCO) Function that directly supports the Group CISO within HSBC. This … in this role you should have the following skills: Technical: One or more of the control capabilities in the domain (Vulnerability Management, Penetration Testing and Red Teaming, Application Security, Threat Modelling). Management of operational risk, non-financial risk and/or technology and information security risk. Management of diverse risk types. Identifying, defining and solving problems that have
is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar.
stakeholders to embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards across web, mobile, and cloud-native applications. Provide security guidance during product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application vulnerabilities through static/… code analysis and runtime protection. Qualifications: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modeling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools like SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. Strong understanding
Leeds, West Yorkshire, United Kingdom Hybrid / WFH Options
Oliver Bernard
Event Hub. Practical experience with Infrastructure as Code tools like Terraform and Bicep. Excellent communication skills and the ability to support and mentor junior colleagues. Desirable Skills: Experience with threat modelling. Background working on globally distributed systems. Exposure to financial services or highly regulated environments. Who Should Apply: This role is suited to individuals seeking a challenging, high
stakeholders to embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards across web, mobile, and cloud-native applications. Provide security guidance during product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the integration of DevSecOps practices into CI/CD pipelines. Identify and remediate application vulnerabilities through static/dynamic analysis … for code analysis and runtime protection. Requirements: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding practices. Familiarity with threat modeling methodologies like STRIDE and risk analysis. Hands-on experience with SAST/DAST/IAST tools such as Snyk, SonarQube, Burp Suite, Veracode, etc. Strong understanding of cloud
intersection of Salesforce development and security engineering. You'll play a critical role in enhancing the security posture of our Salesforce platform, contributing directly to secure code practices, threat modelling, and security testing across our CI/CD pipeline. This role is ideal for someone with engineering roots who has evolved into the security space and is … to assess and uplift Salesforce security maturity. Own and improve pipeline security including static code analysis (SAST), dynamic application security testing (DAST), dependency checks, and secure deployment patterns. Conduct threat modelling for Salesforce-based estates, identifying and mitigating risks early in the development lifecycle. Perform and refine security tests across APIs and applications within the Salesforce environment. Work … how engineering and security intersect. Strong grasp of secure coding practices and experience running DAST/SAST on Salesforce environments. Exposure to or working knowledge of DSOMM, OWASP, and threat modelling methodologies. Experience integrating security into CI/CD pipelines, especially in complex enterprise platforms. Ability to approach platform security from an engineering-first mindset, not just compliance.
Leeds, England, United Kingdom Hybrid / WFH Options
Harvey Nash
solutions from design through to delivery. Develop reusable security patterns, architecture principles, and frameworks. Drive security architecture across digital programmes such as ITSM (ServiceNow) and back-office modernisation. Conduct threat modelling, risk analysis, and define security requirements for systems including remote access (VPNs) and secure OT-to-IT data exchange. Ensure compliance with industry standards such as ISO27001
Leeds, West Yorkshire, England, United Kingdom Hybrid / WFH Options
Eames Consulting
or equivalent. Bonus Points: Red team, purple team, or adversary emulation experience. Programming/scripting skills (Python, PowerShell, Bash). Cloud pentesting experience (AWS, Azure, GCP). Familiarity with threat modeling or risk-based vulnerability assessments. Advanced certifications such as OSCE, OSEP, OSWE, CRTP, CREST CRT/CCT. Join us if you want to make a real impact