1 to 25 of 48 Threat Modelling Jobs in the North West

the organization's systems, data, and infrastructure from threats and attacks. Key Responsibilities: Design and implement enterprise security architecture across systems, applications, networks, and cloud platforms. Conduct security assessments, threat modeling, and risk analysis for new and existing systems. Develop and maintain security policies, standards, and best practices aligned with industry frameworks (e.g., NIST, ISO 27001, CIS Controls). More ❯

delivery of critical systems that protect citizens and national interests. Working with the Principal Security Architect, you will own security architecture for a major portfolio, translate business goals and threat intelligence into practical controls, and mentor SEO level architects to raise capability across multiple programmes. You will engage senior stakeholders, balance risk against usability and cost, and shape patterns … user centred delivery. You will analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring. By modelling risks with frameworks such as ISO 27005, NIST, or STRIDE, you will justify design choices to technical and non technical audiences and document them for re use. What You … Security Architect strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling/pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless More ❯

Security at Heywood, your role will be to develop, shape and update the Company’s information security capability, ensuring our hybrid cloud environment remains secure against an ever-changing threat landscape. Key responsibilities include: Information security strategy Continue to develop the Information Security Strategy, ensuring alignment to the Company’s IT strategy and business goals and create the required … Information Security Management System (“ISMS”) Responsible for the Company’s information security capabilities, including the technical training and awareness of colleagues, ensuring it remains prepared against an ever-changing threat landscape Work with the other department heads to develop a security community and security conscious culture. Operational input Contribute to design and architectural decisions and improve the approach to … the Company’s threat modelling Lead on information security incidents and work directly with internal teams and external parties on containment and mitigation activities, as well as preparing for incidents by running threat simulations, tabletop and red team exercises Assess emerging and potential security threats using the Cyber Risk Management Framework and act proactively to mitigate relevant More ❯

Security at Heywood, your role will be to develop, shape and update the Company’s information security capability, ensuring our hybrid cloud environment remains secure against an ever-changing threat landscape. Key responsibilities include: Information security strategy Continue to develop the Information Security Strategy, ensuring alignment to the Company’s IT strategy and business goals and create the required … Information Security Management System (“ISMS”) Responsible for the Company’s information security capabilities, including the technical training and awareness of colleagues, ensuring it remains prepared against an ever-changing threat landscape Work with the other department heads to develop a security community and security conscious culture. Operational input Contribute to design and architectural decisions and improve the approach to … the Company’s threat modelling Lead on information security incidents and work directly with internal teams and external parties on containment and mitigation activities, as well as preparing for incidents by running threat simulations, tabletop and red team exercises Assess emerging and potential security threats using the Cyber Risk Management Framework and act proactively to mitigate relevant More ❯

Join to apply for the Threat Hunter role at NCC Group 1 day ago Be among the first 25 applicants Join to apply for the Threat Hunter role at NCC Group Direct message the job poster from NCC Group Threat Hunter We are seeking a highly capable and hands-on Threat Hunter to design and lead … a professional threat hunting capability focused on identifying sophisticated adversaries through hypothesis-driven analysis and automation. You will be responsible for proactively detecting and analysing advanced threats across the customers environment. Ensuring our threat models and threat hunts are tightly aligned to industry risks to the customer. This is a high-impact role with significant autonomy. You … ll need to think critically, and hunt methodically. As a Threat Hunter, you will actively search for cyber threats that evade traditional security solutions. Your role will involve conducting in-depth analysis, identifying indicators of compromise (IOCs), and working cross-functionally with the Security Operations Centre Analysts, Detection Engineers, Privacy Team and Engineering Team to mitigate risks. Summary Threat More ❯

architectures for cloud-native apps across AWS, Azure, or GCP Integrate security into CI/CD pipelines and IaC tools Apply advanced container security and runtime protection strategies Lead threat modeling, risk assessment, and identity governance in the cloud Develop reusable security patterns aligned with CIS, NIST, ISO 27001 standards Successful Candidate Will Need: Hands-on CNAPP experience (CSPM More ❯

company’s information security strategy and operations. You’ll play a key role in ensuring the organisation’s hybrid cloud environment is secure, compliant, and resilient against an evolving threat landscape. Key Responsibilities Strategic Leadership Develop and maintain the Information Security Strategy aligned with IT and wider business goals Build and implement policies, procedures, and board-level metrics to … organisation’s Cyber Risk Management Framework Drive a security-aware culture across departments through training, communication, and engagement Operational Security Oversight Support architectural decisions and strengthen the company’s threat modelling approach Lead incident response efforts and run simulations, red team exercises, and readiness activities Conduct proactive assessments of emerging threats and implement mitigation strategies Oversee vulnerability management More ❯

support the assurance lifecycle and manage stakeholder expectations. Support the preparation for and participation in technical reviews, audits, and risk acceptance activities. Contribute to delivering security risk management processes, threat modelling sessions, and security design assessments. Provide subject matter expertise on assurance requirements for secure communications, supply chain security, platform integration, and physical security interfaces. Maintain accurate, high … the engineering lifecycle, ensuring traceability and alignment with delivery controls. Strong stakeholder engagement and communication skills, with experience working across technical, programme, and accreditation teams. Capable of contributing to threat modelling, risk assessments, and technical reviews with clear, structured input. Confident working independently in complex, multi-stakeholder environments while managing priorities and deadlines effectively. High attention to detail More ❯

company’s information security strategy and operations. You’ll play a key role in ensuring the organisation’s hybrid cloud environment is secure, compliant, and resilient against an evolving threat landscape. Key Responsibilities Strategic Leadership Develop and maintain the Information Security Strategy aligned with IT and wider business goals Build and implement policies, procedures, and board-level metrics to … organisation’s Cyber Risk Management Framework Drive a security-aware culture across departments through training, communication, and engagement Operational Security Oversight Support architectural decisions and strengthen the company’s threat modelling approach Lead incident response efforts and run simulations, red team exercises, and readiness activities Conduct proactive assessments of emerging threats and implement mitigation strategies Oversee vulnerability management More ❯

I am hiring a Lead DevSecOps Consultant on behalf of an exciting consultancy specialising in specialising in cyber security solutions. Their expertise includes risk and threat assessments, ensuring robust security measures for existing and new technologies. They promote a security-focused mindset within DevOps teams, coordinate penetration testing, and document security risks. They foster effective teamwork and manage client … Guide your team in creating forward-thinking approaches to security for various projects, integrating cutting-edge technologies to establish resilient and efficient practices. Proactive Risk Management -Perform assessments and modelling to identify potential threats and implement tailored safeguards for projects and clients. Collaborative Engagement and Leadership - Enhance security awareness and help to develop both the technical and soft skills … Essential: Minimum of 3 years experience in team leadership within cyber security Minimum 5 years experience in DevSecOps or a similar technically focused role Strong leadership skills Expertise in Threat Modelling Strong knowledge of Cloud and Infrastructure Security Experience with compliance of Frameworks and Standards such as ISO 27001, NIST, GDPR etc. Solution oriented mindset Strong interpersonal skills More ❯

I am hiring a Lead DevSecOps Consultant on behalf of an exciting consultancy specialising in specialising in cyber security solutions. Their expertise includes risk and threat assessments, ensuring robust security measures for existing and new technologies. They promote a security-focused mindset within DevOps teams, coordinate penetration testing, and document security risks. They foster effective teamwork and manage client … Guide your team in creating forward-thinking approaches to security for various projects, integrating cutting-edge technologies to establish resilient and efficient practices. Proactive Risk Management -Perform assessments and modelling to identify potential threats and implement tailored safeguards for projects and clients. Collaborative Engagement and Leadership - Enhance security awareness and help to develop both the technical and soft skills … Essential: Minimum of 3 years experience in team leadership within cyber security Minimum 5 years experience in DevSecOps or a similar technically focused role Strong leadership skills Expertise in Threat Modelling Strong knowledge of Cloud and Infrastructure Security Experience with compliance of Frameworks and Standards such as ISO 27001, NIST, GDPR etc. Solution oriented mindset Strong interpersonal skills More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … code analysis and runtime protection. Qualifications: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

company’s information security strategy and operations. You’ll play a key role in ensuring the organisation’s hybrid cloud environment is secure, compliant, and resilient against an evolving threat landscape. Key Responsibilities Strategic Leadership Develop and maintain the Information Security Strategy aligned with IT and wider business goals Build and implement policies, procedures, and board-level metrics to … organisation’s Cyber Risk Management Framework Drive a security-aware culture across departments through training, communication, and engagement Operational Security Oversight Support architectural decisions and strengthen the company’s threat modelling approach Lead incident response efforts and run simulations, red team exercises, and readiness activities Conduct proactive assessments of emerging threats and implement mitigation strategies Oversee vulnerability management More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

stakeholders to embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards across web, mobile, and cloud-native applications. Provide security guidance during product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application vulnerabilities via static/… for code analysis and runtime protection. Qualifications: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding practices. Familiarity with threat modeling methodologies such as STRIDE and risk analysis. Experience with tools like SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. Strong understanding of cloud platforms More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … code analysis and runtime protection. Qualifications: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modeling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. Strong More ❯

embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modeling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. Strong More ❯

and public cloud data centers. What you'll Need to Succeed: Strong foundations in software engineering. Minimum of 7 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security. Minimum 2 years experience with Software Development Life Cycle in one or more … cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity with automated dynamic scanners, fuzzers, and proxy tools. An analytical mind for problem solving More ❯

and public cloud data centers. What you'll Need to Succeed: Strong foundations in software engineering. Minimum of 7 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security. Minimum 2 years experience with Software Development Life Cycle in one or more … cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity with automated dynamic scanners, fuzzers, and proxy tools. An analytical mind for problem solving More ❯

engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products. What you'll Need to Succeed/Role Requirements: Strong foundations in secure design reviews, threat modeling experience, code reviews, pen-testing Minimum of 3 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication … of security principles, compliance regulations, and change management. Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Proven expertise in architectural threat modeling and conducting secure design reviews. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10 or SANS top 25). Familiarity with automated dynamic scanners, fuzzers More ❯