1 to 25 of 56 Threat Modelling Jobs in the UK excluding London

engineering teams to embed automated security testing and guardrails into development workflows. Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum-security requirements for applications and APIs. Partner with engineering, platform, and product teams to embed secure-by-design principles into … development team, providing hands-on technical leadership across design, development, and operation. Perform deep-dive security activities for the team, including threat modelling, code-level reviews, and vulnerability triage/remediation support. Oversee and coordinate third-party application security reviews, ensuring consistent assessment standards and effective risk management ...

approach with 2 days a week onsite in Osterley campus. What you'll do You will be able to perform an end-to-end threat model, using the STRIDE methodology, independently of any help. This means to organise, perform, document, and follow up on the threat models taking … place. Perform threat modelling for AI-enabled systems, including LLM-based and agentic architectures, identifying risks introduced by autonomy, tool use, memory, and orchestration layers. Work with engineering and product teams to define secure design patterns, guardrails, and mitigations for AI agents (e.g. least-privilege tool access, human ...

Title: Cyber Threat Management Lead Location: London (2 days onsite per week) Duration: 6 months Rate: £670 via Umbrella Role Summary: We are Seeking a Cyber SME to improve cyber defence through threat intelligence, threat hunting, and detection engineering. Key Responsibilities: Apply cyber threat intelligence … strengthen network defence Conduct threat hunting and detection engineering Perform threat modelling and threat-led risk reduction Support purple team and offensive security testing to improve detections and controls Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation ...

standardise assessments across platforms. Conduct comprehensive platform security reviews (build systems, CI/CD pipelines, runtime infrastructure, developer tooling) against defined framework criteria. Perform threat modelling and gap analysis, identifying vulnerabilities and systemic risks impacting source code, artifacts, and workloads. Engineering Platform Security Enablement Establish standardised secure architecture … security controls. Strong knowledge and understanding of service mesh, cryptography, network security, application security, vulnerability management, and risk management. Demonstrable ability to conduct threat modelling, platform security assessments, and gap analysis. Experience building and implementing maturity models, frameworks, or roadmaps in complex enterprise environments. Strong stakeholder management skills ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

strong technical depth. Key Responsibilities: Define and implement secure architecture patterns across engineering platforms (CI/CD, build systems, runtime environments) Conduct security assessments, threat modelling, and gap analysis across platforms and pipelines Develop and embed DevSecOps best practices, including secure pipeline design and automated controls Establish …/CD pipelines, build tools, artifact repositories, and developer platforms Expertise in secure software delivery, vulnerability management, and platform security Experience with threat modelling, security frameworks, and maturity assessments Strong knowledge of application security, network security, and cloud security principles Excellent stakeholder management and communication skills Desirable: Experience ...

client-facing role combining security architecture, risk management, and governance . Key Responsibilities Provide security advice and guidance across IT and business projects Conduct threat modelling and security impact assessments (SIAs) Define and review security requirements for applications and infrastructure Review conceptual, logical, and physical solution designs Manage … security architecture within complex environments Strong knowledge of ISO 27001/ISMS and security governance frameworks CISSP (or equivalent certification) Experience with risk assessments, threat modelling, and security design reviews Broad technical understanding across: Application security (e.g. OWASP, IAM, cryptography) Infrastructure security (networks, endpoints, cloud) Operational security (incident ...

cloud infrastructures. Contribute to blogs and research within the Cyberfort community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling – Kill Chain – Attack tree analysis. Certifications: AWS/Azure Security Professional, CCSP, CISSP, CISM, CIISEC, UK Cyber Security Council registration (Chartered ...

security risks, issues, and mitigation plans throughout the delivery lifecycle. Ensure security requirements are captured, validated, and integrated into design and delivery documentation. Support threat modelling, risk assessments, and security reviews. Maintain and update assurance artefacts, including design documentation, risk registers, and compliance checklists. Facilitate security sign … governance processes. Strong communication and stakeholder engagement skills. Ability to interpret technical documentation and translate security requirements into actionable tasks. Desirable Skills Experience with threat modelling tools and techniques. Knowledge of cloud security (AWS, Azure, GCP). Understanding of regulatory and compliance frameworks. Background in cyber security ...

other AppSec tooling to ensure effective coverage across all in scope applications Create, roll out and maintain secure development practices and standards including threat modelling, secure coding practices for all applications and APIs Collaborate with the Vulnerability Engineering Lead to support the identifications, triages, and remediation programs … Extensive experiences of integrating security into the CI/CD pipeline eg using AWS DevOps or GitHub Strong history of secure coding practices, threat modelling and vulnerability management in production Strong understanding of modern software development practices If this sounds like the role for you, hit the apply ...

productivity. Mentor senior engineers and influence technical leaders across the organisation. Secure-by-Design & Compliance Embed secure-by-design principles into architectural decisions. Ensure threat modelling is performed for new features and major changes. Champion secure coding standards and integration of security testing into the delivery pipeline. Collaborate … delivery of product capabilities. Strong background in cloud-native architectures (microservices, event-driven, distributed systems). Deep understanding of secure-by-design principles, threat modelling, cryptography basics, and modern security practices. Experience with API design, integration patterns, and domain-driven design (DDD) and Event Driven Design. Ability ...

ensure compliance and security standard processes. Evaluate and integrate new identity tools, authentication platforms and access capabilities. Drive continuous improvement through risk assessments, threat modelling, and automation. You will need: Strong practical experience in designing and running Identity and Access Management (IAM) solutions within large-scale, complex environments. … Okta, CyberArk, Ping, or preferably Microsoft Entra ID. Ability to define standards, partner cross-functionally (IT, GRC, Engineering), and drive risk reduction through threat modelling, compliance (NIST, ISO, GDPR), and ongoing optimisation of identity systems. Experience working with cloud identity (Azure, AWS, or GCP). What ...

Product Security Management System (PSMS) and propose improvements when gaps or inefficiencies are identified. Support evidence generation required for Cybersecurity Conduct security analyses , threat modelling and vulnerability assessments within the digital engineering environment. Support incident investigations and maintain accurate records of product-security-relevant decisions . Essential Skills … product, system or cyber security engineering industries. (Internal BAE Systems training is available for Product Security specialism) An awareness of secure-by-design principles , threat modelling, risk assessment methodologies and security control design. Practical knowledge of security policies, standards and good practice frameworks in highly regulated industries Experience ...

Product Security Management System (PSMS) and propose improvements when gaps or inefficiencies are identified. Support evidence generation required for Cybersecurity Conduct security analyses , threat modelling and vulnerability assessments within the digital engineering environment. Support incident investigations and maintain accurate records of product-security-relevant decisions . Essential Skills … product, system or cyber security engineering industries. (Internal BAE Systems training is available for Product Security specialism) An awareness of secure-by-design principles , threat modelling, risk assessment methodologies and security control design. Practical knowledge of security policies, standards and good practice frameworks in highly regulated industries Experience ...

Product Security Management System (PSMS) and propose improvements when gaps or inefficiencies are identified. Support evidence generation required for Cybersecurity Conduct security analyses , threat modelling and vulnerability assessments within the digital engineering environment. Support incident investigations and maintain accurate records of product-security-relevant decisions . Essential Skills … product, system or cyber security engineering industries. (Internal BAE Systems training is available for Product Security specialism) An awareness of secure-by-design principles , threat modelling, risk assessment methodologies and security control design. Practical knowledge of security policies, standards and good practice frameworks in highly regulated industries Experience ...

world national security impact, while enjoying hybrid working and strong professional development opportunities. Skills Secure architecture design and secure-by-design principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration ...

evolve secure, enterprise-grade architectures across cloud, hybrid, and on-prem environments. Embed security into every stage of our SDLC Conduct risk assessments and threat modelling, proactively identifying vulnerabilities and mitigation strategies Develop and maintain security policies and frameworks aligned with NIST, ISO 27001, and CIS Controls Guide ...

identity management (e.g., Entra ID), and secure application development. Deliver clear cybersecurity advice to technical and non-technical stakeholders on Azure security best practices, threat protection, and compliance. Champion 'Secure by Design' across IT infrastructure, emphasizing Azure Defender, Sentinel, and application security controls. What were looking for Expertise … application security (e.g., OWASP, DevSecOps), and network segmentation. Strong knowledge of Azure-specific security tools (e.g., Azure Security Center, Key Vault, Policy, Private Link), threat modelling, secure SDLC, and assurance processes. Experience delivering "secure by design" in regulated sectors (e.g., finance, healthcare, critical infrastructure), including Azure compliance certifications ...

infrastructure security through Terraform-based infrastructure as code Automating security validation and policy enforcement using cloud-native tools and policy-as-code approaches Supporting threat modelling and secure design across engineering teams Managing vulnerability remediation workflows and ensuring issues are resolved within defined risk and compliance timelines Implementing … including IAM, networking and container security Experience integrating security controls into CI/CD pipelines (e.g. GitHub Actions) Practical exposure to vulnerability management and threat remediation processes Experience collaborating with SOC, cyber defence or enterprise security teams Understanding of modern application architectures and cloud-native systems Ability to adapt ...

with the highest security standards. Design and create secure Enterprise-Grade Architectures Across Cloud, Hybrid, and On-Prem Environments Conduct comprehensive risk assessments and threat modelling to proactively identify vulnerabilities and develop effective mitigation strategies Develop and maintain security policies and frameworks that adhere to industry standards such ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

Design Familiarity with: JSP440, JSP604/453, JSP490 Supplier Chain Assurance GDPR, PCI DSS, ICO ISO 27001, NIST CSF, CIS Controls v8 Skills in: Threat modelling (kill chain, attack trees, etc.) Cloud security (AWS, Azure), containerisation, firewalls Secure SDLC HLD/LLD review ITHC scoping and remediation Certifications ...

security solutions to support meeting industrial and security frameworks such as ISO 27000 series, PCI DSS, COBIT, NIST, OWASP. Proven experience in risk assessment, threat modelling and implementing security controls. Expertise in managing user identities and securing access to systems. Knowledge of encryption, hashing, and tokenization techniques ...

security solutions to support meeting industrial and security frameworks such as ISO 27000 series, PCI DSS, COBIT, NIST, OWASP. Proven experience in risk assessment, threat modelling and implementing security controls. Expertise in managing user identities and securing access to systems. Knowledge of encryption, hashing, and tokenization techniques ...