25 of 25 Contract Threat Modelling Jobs in the UK

PAM) for enhanced access control. Define RBAC models, identity life cycle processes, and access governance standards. 3. Security Architecture & Compliance Lead security-by-design for all SailPoint deployments. Conduct threat modelling, risk assessments, and security impact analyses for IAM solutions. Establish and enforce IAM security policies, authentication and authorization models, and encryption standards. Ensure solutions comply with applicable … integration with Azure AD and MFA tools (eg, DUO Security). Strong understanding of IAM security architecture, governance, and compliance frameworks (GDPR, ISO 27001, WCAG 2.2). Skilled in threat modelling, risk assessment, and vulnerability management for IAM systems. Good-to-Have Skills Experience in higher education or public sector environments. Familiarity with other IAM platforms, directory services More ❯

controls, and ensuring adherence to security policies. Drive the selection and integration of security technologies and services within cloud ecosystems (AWS, Azure, GCP preferred). Risk & Compliance Management: Lead threat modeling, risk assessments, and security posture management across cloud environments. Ensure architectural designs meet stringent regulatory compliance requirements relevant to the financial industry in Europe (e.g., data residency, privacy More ❯

architecture strategy. Act as a trusted security advisor to senior leadership and engineering teams. Guide the design and integration of secure solutions across applications, infrastructure, and data platforms. Perform threat modelling, architecture reviews, and propose mitigation strategies. Ensure alignment with European regulatory standards (e.g., GDPR, PSD2, DORA, NIS2). Embed DevSecOps into SDLC and CI/CD pipelines More ❯

an ad-hoc basis until the move has been completed Maintain Nessus vulnerability management, update systems, run scans and provide reports Cover email security using Mimecast Enterprise Real world threat modelling and incident response (mainly L3/L4 when required) Make suggestions and influence various areas of the business/group from a security perspective Automate tasks and … ideal) Microsoft Defender for EDR/XDR/MDR Nessus for vulnerability management Mimecast for email security SCCM/Intune for patch management L3/L4 Incident Response experience Threat Intelligence/modelling experience Automating tasks using PowerShell, Python etc What’s in it for you? In return you’ll be joining a well established organisation at an More ❯

of experience in security architecture to shape and secure cloud environments at scale. Key Responsibilities Architect secure, scalable cloud solutions on AWS aligned with business and compliance needs. Conduct threat modelling, risk assessments, and security reviews across cloud-native platforms. Collaborate with DevOps, engineering, and compliance teams to embed security best practices. Define and maintain security policies, standards More ❯

development and testing offerings. o Represent the function in client engagements, pre-sales discussions, and technical assessments. o Design and present tailored solutions based on customer-specific challenges and threat landscapes. o Collaborate on statements of work (SOWs) and influence product roadmaps. * Service Delivery Assurance o Oversee performance and quality of services delivered, ensuring SLA and KPI compliance. o … exposure, and accelerate secure delivery. o Collaborate with enterprise architects, engineering leads, and product owners to ensure security is embedded from ideation through to deployment and maintenance. o Champion threat modelling and secure design practices, ensuring development teams proactively identify and mitigate risks during the design phase. o Mentor and upskill engineering teams on secure coding, architectural risk More ❯

of Azure and Microsoft 365 cloud security controls and best practices. Deep understanding of cloud security architecture , the shared responsibility model, and infrastructure-as-code security principles. Experience with threat modelling, incident response, and forensic analysis in cloud environments. Familiarity with container security, Kubernetes, and hybrid or multi-cloud deployments is advantageous. Preferred certifications: Google Professional Cloud Security More ❯

and services. Familiarity with security standards and frameworks (e.g., ISO 27001, NIST, CIS). Knowledge of security technologies such as firewalls and web proxies; experience with ZTNA, CTI, and threat modelling is beneficial. Excellent communication and interpersonal skills. Ability to work effectively in a team-oriented environment. Strong problem-solving and analytical skills. Capacity to manage multiple projects More ❯

best practices, and support enterprise-wide Azure security initiatives. Key Responsibilities Design and implement secure architectures within Microsoft Azure, ensuring alignment with business and compliance requirements. Conduct Azure-specific threat modelling, risk assessments, and security reviews across infrastructure and applications. Collaborate with cloud engineering, DevOps, and compliance teams to embed security into the Azure development lifecycle. Define and More ❯

RAG pipelines, agentic workflows and document intelligence systems Embed cybersecurity and data privacy controls across all AI workflows (e.g., encryption, anonymisation, access logging) Collaborate with the CISO function on threat modeling, security reviews, and AI-specific control design. Integrate with enterprise IAM systems, enforcing RBAC, least privilege Conduct vulnerability scans, pen-test remediation, and support internal and regulatory audits More ❯

RAG pipelines, agentic workflows and document intelligence systems Embed cybersecurity and data privacy controls across all AI workflows (e.g., encryption, anonymisation, access logging) Collaborate with the CISO function on threat modeling, security reviews, and AI-specific control design. Integrate with enterprise IAM systems, enforcing RBAC, least privilege Conduct vulnerability scans, pen-test remediation, and support internal and regulatory audits More ❯

work across architecture, engineering, and compliance teams to ensure secure-by-design principles are embedded throughout the Azure environment. Key Responsibilities: Design and implement secure Azure cloud architectures Lead threat modelling, risk assessments, and security reviews Define and enforce cloud security policies and governance Integrate security into CI/CD pipelines and DevOps practices Provide guidance on Azure More ❯

Please be aware that RRP is non contractual and subject to review. Main duties of the job As a Senior Cyber Security Advisor, you will: Conduct security assessments and threat modelling, articulate cyber risk and recommend mitigating controls to ensure systems are designed securely. Provide specialist cyber security guidance aligned to NHSE security policy and industry best practice More ❯

and deploy detection logic across SIEM, EDR and cloud security platforms. Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance. Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness. Use Detection-as-Code principles to manage detection rules via version control, CI/CD … pipelines and automated testing frameworks. Reduce false positives through tuning, enrichment and contextual awareness. Skills Expertise in detection engineering, threat hunting, or a related Cyber Security field. Proficiency in Sentinel, KQL, XDR and Splunk is required. Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and/or cloud-native security services (e.g. AWS GuardDuty … GCP Chronicle). Ability to create and iterate on detection content (e.g. SIEM rules, correlation searches and detection-as-code signatures) to proactively identify malicious behaviour and improve threat visibility and reduce false positives Familiarity with MITRE ATT&CK framework and threat detection lifecycle. More ❯

securing cloud-first strategies, ensuring robust architecture and compliance across a complex digital estate. Key Responsibilities Design and implement secure Azure architectures aligned with business and regulatory requirements. Lead threat modelling, risk assessments, and security reviews across cloud and hybrid environments. Collaborate with engineering, DevOps, and compliance teams to embed security best practices. Define and enforce security policies More ❯

cybersecurity and data privacy controls across all AI workflows, including encryption, anonymisation, and access logging. Collaborate with CISO: Work closely with the Chief Information Security Officer (CISO) function on threat modelling, security reviews, and AI-specific control design. Enterprise Integration: Integrate with enterprise Identity and Access Management (IAM) systems, enforcing Role-Based Access Control (RBAC) and least privilege More ❯

cybersecurity and data privacy controls across all AI workflows, including encryption, anonymisation, and access logging. Collaborate with CISO: Work closely with the Chief Information Security Officer (CISO) function on threat modelling, security reviews, and AI-specific control design. Enterprise Integration: Integrate with enterprise Identity and Access Management (IAM) systems, enforcing Role-Based Access Control (RBAC) and least privilege More ❯

of experience in cloud or information security. Proven experience securing Google Cloud Platform (GCP) environments. Strong understanding of cloud security principles and native controls. Experience with incident response and threat modelling. Relevant certifications such as: Google Professional Cloud Security Engineer Azure Security Engineer Associate (AZ-500) Certified Cloud Security Professional (CCSP) Key Attributes Strong verbal and written communication skills. More ❯

of experience in cloud or information security. Proven experience securing Google Cloud Platform (GCP) environments. Strong understanding of cloud security principles and native controls. Experience with incident response and threat modelling. Relevant certifications such as: Google Professional Cloud Security Engineer Azure Security Engineer Associate (AZ-500) Certified Cloud Security Professional (CCSP) Key Attributes Strong verbal and written communication skills. More ❯

practices into DevOps workflows (e.g., SAST, DAST, SCA, secrets management).* Collaborate with development, operations, and security teams to implement and ensure secure coding and deployment practices.* Advise on threat modeling, risk assessments, and vulnerability management.* Provide expert guidance on cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes).* Develop and enforce security policies, standards, and best More ❯

services and best practices. Solid understanding of cloud security principles, including shared responsibility model, cloud native security controls, and infrastructure as code security. Experience with security incident response and threat modelling. Google Professional Cloud Security Engineer Azure Security Engineer Associate (AZ-500) Certified Cloud Security Professional (CCSP) This is very much a hands-on role requiring GCP and Azure More ❯

services and best practices. Solid understanding of cloud security principles, including shared responsibility model, cloud native security controls, and infrastructure as code security. Experience with security incident response and threat modelling. Google Professional Cloud Security Engineer Azure Security Engineer Associate (AZ-500) Certified Cloud Security Professional (CCSP) This is very much a hands-on role requiring GCP and Azure More ❯

Business to identify and mitigate risks. Translate complex technical risks into business-friendly language for executive audiences. Improve and evolve security risk assessment methodologies for advanced AI systems. Develop threat models and propose compensatory controls. Present findings to internal governance groups and help shape AI risk frameworks. Required Skills & Experience 10+ years of professional experience, including demonstrable AI/ More ❯

and the measurement of controls. Experience of IT Security documentation (policies, standards, processes, procedures and patterns). Experience of IT Health Check and Vulnerability Assessments Experience of risk and threat modelling. Qualifications: accreditation/assurances CISM/XCCP/ISO 27001 To apply, please submit your most recent CV for review. More ❯

role requires deep expertise in SIEM platforms, including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties SIEM Engineering & Management Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender … Chronicle). Onboard and normalize log sources across cloud and on-prem environments. Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. Skills Must be able to obtain SC Clearance or already hold SC clearance. SIEM Expertise: Hands-on experience with at least two of the following: Splunk IBM QRadar Microsoft Defender for Endpoint Microsoft More ❯