1 to 25 of 236 Threat Modelling Jobs in the UK excluding London

resilient to evolving cyber and information threats. Key Responsibilities Identify, interpret, and integrate security requirements throughout the product and system development lifecycle . Lead threat modelling and risk assessments , applying recognised frameworks such as ISO/IEC 27001, NIST 800-30/53, and ISO 31000. … configure industry-standard threat-modelling tools (e.g., STRIDE-based tools, attack-tree tooling). Provide expert advice on secure architectures, ensuring risks are understood, prioritised, and mitigated. Ensure compliance with MOD and HMG standards, including JSPs, Def Stan 05-138/05-139 , and ISN 23/ ...

Title: Cyber Security Specialist (Threat Modelling Contract) Location: Birmingham (Hybrid, 3 days on-site) Contract: 3 - 6 Months We are seeking an experienced Cyber Security Specialist for a 3 - 6 month hybrid contract in Birmingham. This role is focused on conducting comprehensive threat modelling and risk … telecommunications infrastructure. You will work with architecture teams to identify vulnerabilities, recommend mitigations, and produce clear, actionable reports. Essential Skills & Experience: Proven experience in threat modelling complex infrastructures. Strong background in operational security (e.g., Threat Hunting, Red Team, or Intelligence). Familiarity with threat modelling ...

practices throughout the software development lifecycle, with a strong emphasis on 'shift-left' principles to embed security early in the process. You will facilitate threat modelling workshops to help product teams identify, assess, and mitigate potential threats. You will also collaborate closely with other functions within the CISO … Cloud serverless transformation projects. You will have the ability to work with infrastructure as code and understand complex architectures. You will Lead/facilitate threat modelling workshops with SMEs. Engage with key stakeholders to identify threats and recommend countermeasures. Participate in architectural reviews of Product cloud implementations against ...

Join Police Digital Service as NMC Senior Cyber Threat Hunter - Hybrid - starting salary £65,000pa About Police Digital Service and NMC At PDS, we empower UK policing to stay ahead of evolving threats in a rapidly changing digital landscape. As the trusted technology partner for law enforcement, we deliver … value for money. The National Management Centre (NMC) is a core part of Police Digital Service (PDS), providing 24/7/365 cyber threat detection, response, and risk management capabilities across UK policing. We help forces proactively understand and mitigate cyber risks at both national and local levels. ...

throughout the delivery lifecycle, working closely with infrastructure engineers, architects, and project/programme managers. You'll define and enforce secure configuration baselines, conduct threat modelling and risk assessments, integrate monitoring and alerting, and produce clear security artefacts that guide operational teams. Candidates must be eligible to obtain … controls across hybrid/on-prem Microsoft and Azure-centric environments. Define/enforce hardening standards (e.g., CIS Benchmarks, Microsoft Security Baselines). Perform threat modelling, risk assessments, and security validation/UAT; support incident response. Maintain SBOMs to support vulnerability management and supply-chain assurance. Integrate ...

throughout the delivery lifecycle, working closely with infrastructure engineers, architects, and project/programme managers. You'll define and enforce secure configuration baselines, conduct threat modelling and risk assessments, integrate monitoring and alerting, and produce clear security artefacts that guide operational teams. Candidates must be eligible to obtain … controls across hybrid/on-prem Microsoft and Azure-centric environments. Define/enforce hardening standards (e.g., CIS Benchmarks, Microsoft Security Baselines). Perform threat modelling, risk assessments, and security validation/UAT; support incident response. Maintain SBOMs to support vulnerability management and supply-chain assurance. Integrate ...

throughout the delivery lifecycle, working closely with infrastructure engineers, architects, and project/programme managers. You'll define and enforce secure configuration baselines, conduct threat modelling and risk assessments, integrate monitoring and alerting, and produce clear security artefacts that guide operational teams. Candidates must be eligible to obtain … controls across hybrid/on-prem Microsoft and Azure-centric environments. Define/enforce hardening standards (e.g., CIS Benchmarks, Microsoft Security Baselines). Perform threat modelling, risk assessments, and security validation/UAT; support incident response. Maintain SBOMs to support vulnerability management and supply-chain assurance. Integrate ...

throughout the delivery lifecycle, working closely with infrastructure engineers, architects, and project/programme managers. You’ll define and enforce secure configuration baselines, conduct threat modelling and risk assessments, integrate monitoring and alerting, and produce clear security artefacts that guide operational teams. Candidates must be eligible to obtain … controls across hybrid/on-prem Microsoft and Azure-centric environments. Define/enforce hardening standards (e.g., CIS Benchmarks, Microsoft Security Baselines). Perform threat modelling, risk assessments, and security validation/UAT; support incident response. Maintain SBOMs to support vulnerability management and supply-chain assurance. Integrate ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling – Kill Chain – Attack tree analysis. Certifications: AWS/Azure Security Professional, CCSP, CISSP, CISM, CIISEC, UK Cyber Security Council registration (Chartered ...

candidate will report to the Head of Cyber Security and will lead the Security Engineering function, which covers Identity and Access Management, Cloud Security, Threat Modelling, and Application Security. This is a senior role that will shape Icelands security architecture and ensure that security is embedded … principles and technologies. Experience of working within a predominantly Microsoft environment. Expertise in cloud security (Microsoft Azure; AWS experience desirable). Ability to perform threat modelling and provide secure design guidance for projects and applications. Excellent communication and stakeholder engagement skills. Ability to influence and embed security practices ...

candidate will report to the Head of Cyber Security and will lead the Security Engineering function, which covers Identity and Access Management, Cloud Security, Threat Modelling, and Application Security. This is a senior role that will shape Iceland’s security architecture and ensure that security is embedded … principles and technologies. · Experience of working within a predominantly Microsoft environment. · Expertise in cloud security (Microsoft Azure; AWS experience desirable). · Ability to perform threat modelling and provide secure design guidance for projects and applications. · Excellent communication and stakeholder engagement skills. · Ability to influence and embed security practices ...

. Youll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. We dont expect you to know everything … just to be curious, practical, and willing to dive in. What Youll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/ ...

dissect designs, model attack paths, and show engineering teams what “good” really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. They don’t expect you to know everything — just … curious, practical, and willing to dive in. What You’ll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/CD gates ...

security architecture, secure-by-design principles, and engineering-led security integration. You will work directly with Digital Engineering stakeholders to produce security architecture artefacts, threat modelling, design assurance, and reusable patterns that strengthen the programme's security posture. Interviews available immediately, including evenings this week and early next … deliver core security architecture outputs including: Digital Engineering Security Artefacts • Digital Engineering Engagement Report • Security Requirements Specification • Security Principles Framework • Infrastructure Mapping Document • Threat Modelling Report • Security Architecture Design Pack • Air Sector Architecture Alignment Report Reusable & Transferable Capability • Reusable Security Pattern Library • Knowledge Transfer Pack (training materials, handover ...

security architecture, secure-by-design principles, and engineering-led security integration. You will work directly with Digital Engineering stakeholders to produce security architecture artefacts, threat modelling, design assurance, and reusable patterns that strengthen the programme’s security posture. Interviews available immediately, including evenings this week and early next … deliver core security architecture outputs including: Digital Engineering Security Artefacts • Digital Engineering Engagement Report • Security Requirements Specification • Security Principles Framework • Infrastructure Mapping Document • Threat Modelling Report • Security Architecture Design Pack • Air Sector Architecture Alignment Report Reusable & Transferable Capability • Reusable Security Pattern Library • Knowledge Transfer Pack (training materials, handover ...

lead in the build-out of their cloud-native Infrastructure capability. Highly technical position where you will be responsible for not just assessing and threat modelling novel concepts and services to introduce across Security and the wider Tech functions; but leading in the actual design, configuration and implementation. … most ambitious Tech Transformations for one of the most renowned Investment Management firms in the UK. Responsibilities Perform hands-on security threat modelling, risk assessment and vulnerability remediation. Evaluate, architect, implement and support security focused tools and services. Work closely with Development teams to ensure security and privacy ...

Title: Cyber Security Specialist (Threat Modelling Contract) Location: Birmingham (Hybrid, 3 days on-site) Contract: 3 - 6 Months We are seeking an experienced Cyber Security Specialist for a 3 - 6 month hybrid contract in Birmingham. This role is focused on conducting comprehensive threat modelling and risk ...

Responsibilities: Strategic (30%) Define technical security architecture and standards across multi-cloud SaaS platforms Embed security into product development lifecycle and roadmap planning Conduct threat modelling and risk assessments for new features and system changes Evaluate and recommend security technologies and tools Operational (40%) Manage security environments across ...

Secure Development Lifecycle (SDLC) Partner with engineering teams to embed security in the SDLC and DevSecOps practices. Advise and guide on secure coding practices, threat modeling, and architectural reviews. Instrument automated tooling for CI/CD pipelines to improve visibility of security signals and enforcement. Customer & External Engagement Represent ...

Secure Development Lifecycle (SDLC) Partner with engineering teams to embed security in the SDLC and DevSecOps practices. Advise and guide on secure coding practices, threat modeling, and architectural reviews. Instrument automated tooling for CI/CD pipelines to improve visibility of security signals and enforcement. Customer & External Engagement Represent ...

Secure Development Lifecycle (SDLC) Partner with engineering teams to embed security in the SDLC and DevSecOps practices. Advise and guide on secure coding practices, threat modeling, and architectural reviews. Instrument automated tooling for CI/CD pipelines to improve visibility of security signals and enforcement. Customer & External Engagement Represent ...

Secure Development Lifecycle (SDLC) Partner with engineering teams to embed security in the SDLC and DevSecOps practices. Advise and guide on secure coding practices, threat modeling, and architectural reviews. Instrument automated tooling for CI/CD pipelines to improve visibility of security signals and enforcement. Customer & External Engagement Represent ...

Secure Development Lifecycle (SDLC) Partner with engineering teams to embed security in the SDLC and DevSecOps practices. Advise and guide on secure coding practices, threat modeling, and architectural reviews. Instrument automated tooling for CI/CD pipelines to improve visibility of security signals and enforcement. Customer & External Engagement Represent ...