15 of 15 Contract Threat Modelling Jobs in London

primary security partner for product and engineering teams - ensuring applications are designed, built and maintained with robust security at their core. You will lead threat modelling, manage vulnerability backlogs, support incident response, and help uplift security maturity across development squads. Key Responsibilities Define and implement product security policies … tooling and standards across the SDLC Lead threat modelling for new and existing applications Own the product vulnerability backlog, prioritising and tracking remediation Liaise on bug bounty findings and ensure timely fixes Conduct root cause analysis for security incidents and systemic issues Act as Incident Commander or Investigation ...

privileged access Design secure network architectures covering encryption, key management, and secure connectivity Embed application security principles , including secure APIs, data protection, and threat modelling Ensure systems are designed for security resilience , availability, and risk mitigation Collaborate with engineering, platform, and delivery teams to embed security across … Deep knowledge of IAM , authentication, authorisation, and privileged access management Strong background in network security , encryption, and key management Experience with application security , including threat modelling and secure data flows Ability to design systems with security resilience built in Active SC Clearance Nice-to-Have Skills Hands ...

teams, and strengthening enterprise security posture-particularly across Microsoft 365, Azure, data platforms, and AI-enabled solutions. You will play a key role in threat modelling, risk assessments, guardrail design & implementation, and delivering practical security guidance for engineering, data, and application/product teams. Rationale/deliverables: Contribute … enhanced productivity systems Support the roll-out of the new AI information security control framework Support the Data governance team Key Responsibilities Perform threat modelling (STRIDE), guardrail definition, and security posture assessments across applications, data platforms, APIs, cloud services, and SaaS ecosystems. Identify security control gaps , especially around ...

delivery without owning build or operations. Key Responsibilities Attend regular project and design meetings to understand requirements and delivery milestones. Perform initial and iterative threat modelling for new features, integrations, and architectural changes. Advise on secure architecture design, including IAM, network segmentation, encryption, and data protection. Recommend … being consistently applied. Essential Experience Proven experience as a Security Architect or senior cyber security consultant in digital delivery environments. Strong Secure by Design, threat modelling, and risk-based security expertise. Experience advising product teams in agile, cloud-based delivery contexts. Confident engaging with architects, developers, and delivery ...

privileged access Experience with network security, encryption, key management, and secure connectivity Knowledge of application security principles, including secure APIs, data protection, and threat modelling Experience designing for security resilience. Desirable Skills: Hands-on experience with cloud security services and tooling (e.g. AWS Security Hub, Azure Defender, Sentinel ...

commit to working in Central London 1 day a week. Job Requirements: Work with project teams to understand product requirements and delivery milestones. Conduct threat modelling to identify security risks across applications, integrations, and cloud-based architectures . Advise on secure-by-design solutions , including access controls, encryption ...

outcomes. About You We're looking for someone with a blend of technical expertise and delivery mindset: Hands-on application security experience: secure coding, threat modelling, SAST/DAST tooling. Strong knowledge of SDLC and CI/CD integration, with experience securing software throughout its lifecycle. Pragmatic, delivery ...

services + maintaining a strong security culture. Investigating security incidents and breaches, performing vulnerability scans for releases, vulnerability risk assessments + remediation planning. Conducting threat modelling to identify risks and inform secure design decisions. Providing assurance over patching operations, release notes + change management activities. Assessing external threat ...

services + maintaining a strong security culture. Investigating security incidents and breaches, performing vulnerability scans for releases, vulnerability risk assessments + remediation planning. Conducting threat modelling to identify risks and inform secure design decisions. Providing assurance over patching operations, release notes + change management activities. Assessing external threat ...

microservices (e.g., Kubernetes, Docker) Build and integrate security solutions for DevSecOps pipelines and collaborate with cross-functional teams to deploy them globally Perform threat modeling for cloud-based workloads and develop corresponding countermeasures Review and assess new third-party cloud and on-premises solutions to identify potential security risks … GitHub Hands-on experience with Infrastructure as Code (IaC) and Policy as Code (PaC) technologies, including Terraform and CloudFormation Demonstrated skills in cloud threat modeling and architectural assessment using tools like IriusRisk Strong knowledge of compliance benchmarks (e.g., CIS, GDPR, PCI-DSS, ISO standards) and industry cloud security standards ...

Secure by Design discovery and assessment activities across digital services Identify security risks, constraints, and dependencies, and translate these into clear, prioritised recommendations. Facilitate threat modelling and risk workshops with multidisciplinary teams. Define pragmatic security control expectations aligned to service risk and context. Produce concise written outputs that ...

modules), and network segmentation for hybrid environments. DevSecOps: Integrating SAST/DAST tools into CI/CD pipelines and automating compliance checks. Security Documentation Threat Modeling: Using frameworks to identify risks in legacy-to-modern transitions. Security Control Sets: Defining controls for data encryption, access management, and audit logging … functional teams (developers, ops, risk owners) to align security with business objectives. Risk Appetite Management: Balancing security requirements with project timelines and budgetary constraints. Threat assessments and risk registers. Security Controls Statement of Applicability . Pre- and post-ITHC compliance reports. UK Government Experience: - Preferred to have 3 years ...

Responsibilities: Security Policy Development: Define and implement robust security policies and tooling across the product lifecycle, ensuring security is integrated from the ground up. Threat Modeling Leadership: Lead threat modeling sessions for both new and existing applications, guiding teams to ensure documented and actionable outputs. Vulnerability Management: Oversee … Incident Commander during incident response efforts, including facilitating tabletop exercises to enhance our incident readiness. Skills & Experience: Expertise: Deep knowledge in vulnerability management, threat modeling, security architecture, and secure software development lifecycle (SDLC) practices. Incident Response Skills: Strong background in incident response, root cause analysis, and managing bug bounty ...

support Central Government on a high-profile contract. This role is ideal for someone with deep expertise in AI security, risk management, and threat mitigation, particularly in government or highly regulated environments. The Role You will play a critical role in ensuring AI systems are secure, compliant, and resilient … with Secure by Design principles Defining and implementing AI governance, risk management, and mitigation strategies, following GDS (Government Digital Service) and NIST frameworks Conducting threat modeling, vulnerability assessments, and security audits for AI systems Advising stakeholders on secure AI development practices, prompt engineering, and safe AI agent deployment Supporting ...

security architecture posture (Entra ID/OIDC, encryption, key management, network zoning, data protection). Produce a high-level design (HLD) with C4 diagrams, threat model (e.g., STRIDE), privacy/data handling assessment, and decision logs (ADRs). Build the architecture runway for Phase 2, with principles, patterns, guardrails … estimated remediation effort. Deliverables (by end of the audit) HLD with current vs target C4 diagrams. Threat model and NFR catalogue with measurable acceptance criteria. Architectural risk/assumptions/issues log and ADRs. Option analysis with cost/benefit and effort estimates. Phased roadmap, integration inventory, and high ...