23 of 23 Threat Modelling Jobs in the South West

systems. The Security Architect will draw upon Enterprise Security Architecture or Security Solutions Architecture to: - Identify business objectives, user needs, risk appetite and cyber security obligations - Identify vulnerabilities, perform threat modelling, undertake risk assessment, evaluate the effectiveness of security controls - Verify and evidence alignment to 'Secure by Design' principles, corporate security policy/standards as well as industry … Contribute to a reference architecture of established patterns, principles and guidelines Research emerging technologies, new products and be able to position these in a coherent manner against the developing threat landscape and client risk appetite Ability to distil complex information and concepts into key discussion points that identifies a path to resolution rather than only the identification of challenges … native security capabilities and good practice within Cloud platforms (AWS and/or Microsoft Azure) In-depth knowledge of modern security concepts, common attack vectors, malware, security analytics and threat intelligence. A good understanding of security testing and vulnerability management is important (including pen testing/ITHC, CVSS/CVE) Experience working with security standards such as ISO More ❯

also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities: Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and …/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge of secure development practices, penetration testing, and vulnerability assessments. Ability to communicate security risks and strategies to technical and non-technical stakeholders. Experience in incident More ❯

also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities: Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and …/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge of secure development practices, penetration testing, and vulnerability assessments. Ability to communicate security risks and strategies to technical and non-technical stakeholders. Experience in incident More ❯

Certified Cloud Security Professional CISM or SSCP – Highly desirable Bonus Skills & Knowledge Awareness of compliance and risk frameworks such as ISO 27001, NIST, and CIS Benchmarks. Ability to support threat modelling, cloud risk assessment, and incident response planning. Exposure to Infrastructure-as-Code (IaC) security using tools like Terraform, ARM templates, or Bicep. Skilled in translating technical risks More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

security designs as they pertain to the cyber domain. Decomposing cyber and security requirements down to the system control level. Conducting cyber and information security risk assessment activities including threat modelling, vulnerability analysis and analysis of mitigations, including technical understanding. Scoping and managing security verification and validation activities and remedial action plans. Coordinating with product engineers, system architects More ❯

of security in at least one of the following areas: IP networking & OT On-premises architecture and Virtualization cloud platforms and Containerization Databases and LLMs Mobile Technologies & Application security Threat modeling techniques to identify security threats to systems, leading to the definition of Security requirements. Managing security requirements through the delivery and operational life cycle of a system Provision … of authoritative specialist security advice in Risk and threat-based mitigation to system designs Control frameworks such as NIST, ISO, CIS Protective monitoring, Authentication and authorization best practices. Develop excellent working relationships with key stakeholders, peers and subordinates. Communicating effectively verbally and in writing, demonstrated through: Effectively explain complex technical solutions to a non-technical audience Writing meaningfully to More ❯

engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Collaborative and detail-oriented, able to work across international teams and regulatory boundaries. Desired skills Experience supporting cybersecurity assurance within other EASA/… responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer More ❯

in architectures, codebases, and configurations; drive remediation with development and operations teams. Secure Development Practices Partner with software and hardware engineers to integrate secure coding and design principles (e.g., threat modelling, secure-by-design). Perform security code reviews, provide guidance on secure libraries and frameworks. Standards & Compliance Ensure products meet regulatory and defence standards (ISO 27001/ More ❯

of security in at least one of the following areas: IP networking & OT On-premises architecture and Virtualization cloud platforms and Containerization Databases and LLMs Mobile Technologies & Application security Threat modeling techniques to identify security threats to systems, leading to the definition of Security requirements. Managing security requirements through the delivery and operational life cycle of a system Provision … of authoritative specialist security advice in Risk and threat-based mitigation to system designs Control frameworks such as NIST, ISO, CIS Protective monitoring, Authentication and authorization best practices. Develop excellent working relationships with key stakeholders, peers and subordinates. Communicating effectively verbally and in writing, demonstrated through: Effectively explain complex technical solutions to a non-technical audience Writing meaningfully to More ❯

thrive in a collaborative, high-impact environment - this is your chance to make a real difference. Key Responsibilities Define and embed security requirements throughout the product development lifecycle. Conduct threat modelling, risk assessments, and drive mitigation strategies. Advise on solution architecture, minimising security risks and ensuring compliance. Collaborate with cross-functional teams to implement security best practices. Support … by Design principles and MOD-specific guidelines (e.g. JSP, Def Stan 05-138/139). Familiarity with HMG security and assurance frameworks is a strong plus. Comfortable using threat modelling tools and risk assessment methodologies. Key Competencies: Excellent communicator - confident, clear, and influential. Proactive problem-solver with critical thinking skills. Organised, resilient, and delivery-focused. Strong team More ❯

outside IR35 Start Date: 1st July Responsibilities: Provide expert security consultancy across the project lifecycle, with a focus on secure-by-design practices. Lead or support security risk assessments, threat modelling, and architectural reviews. Support the production and review of security documentation (RMADS, SyOps, Security Cases, etc.). Engage with technical and delivery teams to embed security requirements More ❯

succeed in this role Deep experience in Azure infrastructure (with IaC using Bicep, ARM, or Terraform) Hands-on knowledge of DevSecOps tooling and techniques (CI/CD, secrets management, threat modelling) Experience implementing security standards across cloud and hybrid environments Familiarity with container security ( e.g. Docker, Kubernetes) A strong understanding of compliance frameworks such as ISO 27001 and More ❯

what you will be involved in: Identify security requirements and ensure the integration of security controls during the product development lifecycle Develop and implement risk management strategies Perform security threat modelling and risk assessments applying security controls to mitigate any threats identified Collaborate with the development teams to ensure the adoption of Secure by Design principles Identify security More ❯

what you will be involved in: Identify security requirements and ensure the integration of security controls during the product development lifecycle Develop and implement risk management strategies Perform security threat modelling and risk assessments applying security controls to mitigate any threats identified Collaborate with the development teams to ensure the adoption of Secure by Design principles Identify security More ❯

the delivery of high-quality, secure, and scalable applications on the cloud with automated tools and scripts Work with the product owner to address user needs Participate in agile threat modelling and vulnerability management Ensure compliance with security and regulatory requirements for MOD and high Design assurance software Support the Customer Enterprise/Solution Data Architects in coordinating More ❯

to identify weaknesses, assess risks, and develop mitigation strategies. What You'll Be Doing Researching, designing, and building resilient systems to support National Security objectives. Conducting vulnerability assessments and threat modelling on software and hardware components. Reverse engineering a wide range of technologies to uncover vulnerabilities and improve security. Writing secure, high-performance code that integrates deeply with More ❯

About the role Do you want to be at the forefront of cyber security, protecting people, data and systems from the evolving digital threat landscape? Are you looking to apply your technical expertise in a collaborative and forward-thinking environment? As a Technical Security Analyst, you'll be part of our Security team who are responsible for keeping our … ensuring that findings are managed appropriately and remediated according to agreed timescales. Assisting in the creation, testing, and implementation of response and recovery plans in support of incident management threat modelling. Researching and investigating attack techniques and recommending ways to defend against them. Supporting the Security function in all aspects of Security operations and management reporting. Performing technical assessments More ❯