23 of 23 Threat Modelling Jobs in the West Midlands

steps Act as an escalation point for Tier 1 analysts, guiding initial response actions and validating escalations Participate in on-call or out-of-hours technical support where appropriate Threat Intelligence and Analysis: Perform in-depth analysis of suspicious activity, identifying indicators of compromise and attribution patterns Lead threat intelligence sharing within the organisation and with external partners … Mentor Tier 1 staff in interpreting threat data and logs during investigations Security Monitoring and Detection Engineering: Conduct continuous security monitoring of network traffic, endpoints, and critical systems Proactively tune and improve SIEM rules, alerts, and correlation logic to reduce false positives and increase detection fidelity Support onboarding of new data sources into SIEM and help define parsing, enrichment … Coordinate and support risk-based prioritisation of vulnerability remediation efforts Support vulnerability lifecycle management, including exception handling, patch validation, and reporting Provide vulnerability remediation guidance based on CVSS scores, threat context and business impacts Collaboration and knowledge sharing: Act as a technical mentor to Tier 1 analysts, supporting their development and escalation handling Work closely with other IT teams More ❯

technology capabilities into business products and services, with a focus on ensuring the security of gas operations Define and document security architecture blueprints for new systems and applications, including threat modelling and risk assessments Establish security standards, best practices, and design patterns to support cloud, physical and operational technologies Collaborate with development teams to integrate security controls into … application design Lead security architecture reviews and provide expert technical guidance on complex security challenges Keep up-to date with the latest security threat assessment frameworks such as OWASP, MITRE ATT&CK Assess security posture against industry regulations and compliance requirements Identify and mitigate security risks associated with new technologies and initiatives Perform security assessments to identify vulnerabilities Communicate More ❯

technology capabilities into business products and services, with a focus on ensuring the security of gas operations Define and document security architecture blueprints for new systems and applications, including threat modelling and risk assessments Establish security standards, best practices, and design patterns to support cloud, physical and operational technologies Collaborate with development teams to integrate security controls into … application design Lead security architecture reviews and provide expert technical guidance on complex security challenges Keep up-to date with the latest security threat assessment frameworks such as OWASP, MITRE ATT&CK Assess security posture against industry regulations and compliance requirements Identify and mitigate security risks associated with new technologies and initiatives Perform security assessments to identify vulnerabilities Communicate More ❯

as a security architect in a SAFe or agile product environment. Deep knowledge of security risk identification , mitigation , and regulatory compliance (DPA 2018, GDPR, PCI DSS). Understanding of threat models, TTPs, and attack surfaces relevant to UK financial services. Hands-on experience in designing and delivering secure platforms and services. Familiarity with Zero Trust Architecture principles. Highly Desirable More ❯

or data leakage. • Integrate cloud-native security tools ( AWS Macie) for data discovery and classification. Security Monitoring & SIEM: • Integrate with SIEM platforms e.g., Splunk for real-time monitoring and threat detection. • Integrate logs and telemetry from Pega CRM, telephony/contact center platforms, and cloud data services. • Define correlation rules and alerts for proactive incident detection and response. Application … Security: • Conduct secure code reviews, threat modelling, and vulnerability assessments. • Work with development and operations teams to integrate security into the SDLC and CI/CD pipelines. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

is embedded throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance throughout product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application-level vulnerabilities through static … for this role, you should have: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modelling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. More ❯

will be able to demonstrate significant experience in working with senior stakeholders and within a Global team. You will have expertise in Network Security Architecture, with particular emphasis assessing threat landscapes, performing risk and impact assessment, defining security network zones, applying security tools and controls and managing any residual risk, both at a program and individual project level. Key … and governance improvements. Promote and support the embedding of security best practice in network architecture development processes to improve standardization. Track developments and changes in the digital business and threat environments to ensure that they are adequately addressed in security strategy plans and architecture artifacts. Monitor trends in information security and incorporate into Security Architecture Strategy. Work closely with … conduct security assessments of existing and prospective vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data. Conduct or facilitate threat modelling of network services and applications that ties to the risk, data and industry drivers associated with the service or application. Establish and deliver methods and tools which More ❯

stakeholders to embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards across web, mobile, and cloud-native applications. Provide security guidance during product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application vulnerabilities through static/… code analysis and runtime protection. Qualifications: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modeling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools like SAST, DAST, IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. Strong understanding of cloud More ❯

embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards and frameworks across web, mobile, and cloud-native applications. Provide security guidance during product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application vulnerabilities through static/… code analysis and runtime protection. Qualifications: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modeling methodologies such as STRIDE and architectural risk analysis. Hands-on experience with tools like SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode, or similar. Strong understanding More ❯

security cases ️ Leading risk assessments, managing mitigation controls, and contributing to DPIAs ? Supporting HMG Secure-by-Design assurance across the entire delivery lifecycle ?️ Feeding into control design activities—DevSecOps, threat modelling, workshops, and design reviews ? Managing and coordinating penetration testing and remediation efforts ? Leading security incident response for the programme, from detection to resolution ? Running tailored security awareness More ❯

stakeholders to embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards across web, mobile, and cloud-native applications. Provide security guidance during product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead the implementation of DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application vulnerabilities through analysis, code … tools for analysis and runtime protection. Qualifications: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding practices. Familiarity with threat modeling methodologies like STRIDE. Hands-on experience with tools such as SAST/DAST/IAST, Snyk, SonarQube, Burp Suite, Veracode. Strong understanding of cloud platforms and modern architectures. More ❯

stakeholders to embed security throughout the SDLC. Main Responsibilities: Define and enforce secure architecture standards across web, mobile, and cloud-native applications. Provide security guidance during product development, including threat modeling, secure coding, design reviews, and architecture assessments. Lead DevSecOps practices, integrating security into CI/CD pipelines. Identify and remediate application vulnerabilities through static/dynamic analysis, manual … code analysis and runtime protection. Requirements: Proven experience in application security architecture. Deep knowledge of OWASP Top 10, SANS CWE Top 25, and secure coding best practices. Familiarity with threat modeling methods like STRIDE and architectural risk analysis. Hands-on experience with SAST/DAST/IAST tools such as Snyk, SonarQube, Burp Suite, Veracode. Strong understanding of cloud More ❯

our IT and Operational Technology (OT) environments. This is a hands-on, technically rich role where you will work with a wide range of security tools and collaborate with threat intelligence, vulnerability management, and incident response teams. You will engineer solutions to mitigate threats, automate detection and response, and ensure our systems remain secure, resilient, and compliant. Why you … a dynamic and impactful role that offers technical depth, cross-functional collaboration, and the chance to shape Cadent’s cyber resilience. Technical Challenge – Work with advanced SIEM, SOAR, and threat detection tools across IT and OT environments. Strategic Contribution – Influence the development of new controls and support the delivery of Cadent’s cyber security strategy. Cross-Team Collaboration – Partner … with threat intelligence, vulnerability analysts, and incident responders to enhance our defences. Continuous Improvement – Engineer solutions for unpatchable vulnerabilities and automate detection and response processes. National Impact – Help protect the systems that keep gas flowing to millions of homes and businesses. What you'll bring: You are a technically skilled and security-focused professional with a strong understanding of More ❯

our IT and Operational Technology (OT) environments. This is a hands-on, technically rich role where you will work with a wide range of security tools and collaborate with threat intelligence, vulnerability management, and incident response teams. You will engineer solutions to mitigate threats, automate detection and response, and ensure our systems remain secure, resilient, and compliant. Why you … a dynamic and impactful role that offers technical depth, cross-functional collaboration, and the chance to shape Cadent's cyber resilience. Technical Challenge - Work with advanced SIEM, SOAR, and threat detection tools across IT and OT environments. Strategic Contribution - Influence the development of new controls and support the delivery of Cadent's cyber security strategy. Cross-Team Collaboration - Partner … with threat intelligence, vulnerability analysts, and incident responders to enhance our defences. Continuous Improvement - Engineer solutions for unpatchable vulnerabilities and automate detection and response processes. National Impact - Help protect the systems that keep gas flowing to millions of homes and businesses. What you'll bring: You are a technically skilled and security-focused professional with a strong understanding of More ❯

domains as required across the business to continually improve the quality and potential of security solutions Demonstrable level of expertise of service management that may include compliance, standards, risk, threat modelling, metric implementation, and maturity model management Collaborates with both enterprise and solution architects, bringing managed security services to life, sharing knowledge and bringing specific expertise into decision More ❯

global regulatory standards (IEC 62443, IEC 61850, IEC 62351, NERC CIP) into product requirements, and lead technical strategy planning, architecture reviews, and security certification efforts. Guide engineering teams through threat modeling, secure coding, SDLC best practices, and CIE adoption to mitigate cyber-physical risks affecting safety, reliability, or operations. Define and support embedded and software-based security features using … initiatives with PSL, product management, compliance, field operations, and R&D to align cybersecurity objectives and ensure systems meet resilience and compliance expectations. Monitor cybersecurity trends, ICS/OT threat landscapes, and emerging technologies, recommending tools and methods to enhance product security posture. Partner with PSL, incident response and product security teams to support vulnerability remediation, post-incident analysis … system development (C/C++, RTOS), as well as Linux/Windows platforms. Strong hands-on background in PKI, identity management, network security appliances, and security monitoring. Proficient in threat modeling, risk/vulnerability assessment, and using forensic/security analysis tools.. Excellent communication and stakeholder engagement skills, able to translate technical content for non-technical audiences. Exposure to More ❯

of emerging threats, exploits, and attack methodologies to improve testing capabilities. To be considered: Extensive experience in penetration testing, red teaming, and security consulting. Strong knowledge of attack techniques, threat modelling, and exploit development. Certifications such as CREST CRT/CCS, OSCP, OSEP, or CISSP are highly desirable. Proven ability to lead and deliver high-impact security engagements. More ❯

feasibility analyses for future projects. Resolve software issues and suggest improvements. Lead and review work of other developers. Assist in developing user manuals. Translate security requirements into design, conduct threat modeling, and address security in software acceptance. Collaborate effectively with team members. YSI is an Equal Opportunity Employer. All qualified applicants will receive consideration without regard to race, color More ❯