25 of 25 Contract Threat Modelling Jobs in the UK

Architect) to support public sector digital and technology programmes by embedding security early in project lifecycles. The role focuses on defining security requirements, conducting threat modelling, and advising delivery teams on proportionate, technically sound security controls. You will work closely with technical design and delivery teams, operating independently … prem, and application environments. Key Responsibilities Draft and define security requirements aligned to the Cyber Assessment Framework (CAF) Facilitate and participate in group threat-modelling sessions with technical delivery teams Produce clear threat statements as outputs of threat-modelling activities Undertake independent research to: Identify ...

primary security partner for product and engineering teams - ensuring applications are designed, built and maintained with robust security at their core. You will lead threat modelling, manage vulnerability backlogs, support incident response, and help uplift security maturity across development squads. Key Responsibilities Define and implement product security policies … tooling and standards across the SDLC Lead threat modelling for new and existing applications Own the product vulnerability backlog, prioritising and tracking remediation Liaise on bug bounty findings and ensure timely fixes Conduct root cause analysis for security incidents and systemic issues Act as Incident Commander or Investigation ...

privileged access Design secure network architectures covering encryption, key management, and secure connectivity Embed application security principles , including secure APIs, data protection, and threat modelling Ensure systems are designed for security resilience , availability, and risk mitigation Collaborate with engineering, platform, and delivery teams to embed security across … Deep knowledge of IAM , authentication, authorisation, and privileged access management Strong background in network security , encryption, and key management Experience with application security , including threat modelling and secure data flows Ability to design systems with security resilience built in Active SC Clearance Nice-to-Have Skills Hands ...

teams, and strengthening enterprise security posture-particularly across Microsoft 365, Azure, data platforms, and AI-enabled solutions. You will play a key role in threat modelling, risk assessments, guardrail design & implementation, and delivering practical security guidance for engineering, data, and application/product teams. Rationale/deliverables: Contribute … enhanced productivity systems Support the roll-out of the new AI information security control framework Support the Data governance team Key Responsibilities Perform threat modelling (STRIDE), guardrail definition, and security posture assessments across applications, data platforms, APIs, cloud services, and SaaS ecosystems. Identify security control gaps , especially around ...

delivery without owning build or operations. Key Responsibilities Attend regular project and design meetings to understand requirements and delivery milestones. Perform initial and iterative threat modelling for new features, integrations, and architectural changes. Advise on secure architecture design, including IAM, network segmentation, encryption, and data protection. Recommend … being consistently applied. Essential Experience Proven experience as a Security Architect or senior cyber security consultant in digital delivery environments. Strong Secure by Design, threat modelling, and risk-based security expertise. Experience advising product teams in agile, cloud-based delivery contexts. Confident engaging with architects, developers, and delivery ...

privileged access Experience with network security, encryption, key management, and secure connectivity Knowledge of application security principles, including secure APIs, data protection, and threat modelling Experience designing for security resilience. Desirable Skills: Hands-on experience with cloud security services and tooling (e.g. AWS Security Hub, Azure Defender, Sentinel ...

World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 8x SOC Threat Detection Analyst subcontractors on an initial 6 month contract. This role can start on an SC Security Clearance basis, however DV Clearance will be required down the line. This role would suit someone … from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background. Hourly Rate: £45ph - £85 per hour. There are 8 positions being recruited across the mid-senior level. Overtime rate of time and a quarter. Contract Duration: 6 Months initially and long-term thereafter. Shift pattern ...

industries Ability to produce high-quality architectural documentation Confidence engaging with senior stakeholders and regulatory bodies Familiarity with NIST, SANS, ITU frameworks Experience in threat modelling, risk assessment, and audit engagement Technical areas you'll influence: Application security & secure SDLC Network/app segmentation & micro-segmentation Zone-based … architectures and secure legacy migration WAAP, NGFW, NIDS/NIPS, DDoS protection API gateways, reverse proxies, AuthN/AuthZ Architecture modelling tools (BizzDesign, Archi, UML) Working across hybrid legacy and modern networking landscapes Preferred qualifications: Degrees in Cybersecurity, Computer Science, Software Engineering, or related fields Architecture certifications such ...

commit to working in Central London 1 day a week. Job Requirements: Work with project teams to understand product requirements and delivery milestones. Conduct threat modelling to identify security risks across applications, integrations, and cloud-based architectures . Advise on secure-by-design solutions , including access controls, encryption ...

outcomes. About You We're looking for someone with a blend of technical expertise and delivery mindset: Hands-on application security experience: secure coding, threat modelling, SAST/DAST tooling. Strong knowledge of SDLC and CI/CD integration, with experience securing software throughout its lifecycle. Pragmatic, delivery ...

security practices across CI/CD and operational environments. Experience required: Hands on experience working with SIEM technologies and security monitoring Awareness of modern threat models (eg. MITRE ATT&CK) Understanding of CI/CD pipelines and security controls within DevOps environments Building and maintaining SOC detections ...

through to commissioning and in-service support. Role Overview You will act as the cyber security assurance lead, providing technical leadership across: Security architecture Threat & risk assessment Standards & compliance Security testing & validation Assurance documentation You'll work closely with product, delivery, and customer security teams to ensure security … support) Engage with customer security teams to align on strategy, assurance, and risk appetite Define security requirements and design secure architectures (zones & conduits) Perform threat modelling and risk assessments; define appropriate controls Define and oversee security testing, including FAT, SAT, and penetration testing Assess third-party components against ...

Define and maintain engineering and architectural standards, patterns, and best practices. Conduct option evaluations, risk assessments, and make informed technology recommendations. API, Integration & Data Modelling Design API ecosystems including versioning, discovery, governance, throttling, and security. Define schemas, data contracts, and integration patterns for internal and external systems. Promote consistent … point of contact for architectural decision-making. Security, Compliance & Quality Assurance Ensure secure-by-design principles across all solutions. Support threat modelling, risk assessments, and compliance with security and data protection requirements. Drive non-functional requirement definition (performance, scalability, availability, resilience). Support test strategy and quality engineering ...

services + maintaining a strong security culture. Investigating security incidents and breaches, performing vulnerability scans for releases, vulnerability risk assessments + remediation planning. Conducting threat modelling to identify risks and inform secure design decisions. Providing assurance over patching operations, release notes + change management activities. Assessing external threat ...

services + maintaining a strong security culture. Investigating security incidents and breaches, performing vulnerability scans for releases, vulnerability risk assessments + remediation planning. Conducting threat modelling to identify risks and inform secure design decisions. Providing assurance over patching operations, release notes + change management activities. Assessing external threat ...

fundamentally different remit. Key Responsibilities Embed Secure by Design principles across system, software and infrastructure development Support delivery teams with security requirements definition, threat modelling and risk assessment Interpret and apply relevant defence and government security policies and standards Identify security risks early and support proportionate mitigation strategies ...

production rollout. Define secure user journeys for remote password reset and identity verification. Ensure alignment to enterprise security standards, compliance and threatmodelling outputs. Produce architecture artefacts (HLD, LLD, patterns, data flows, integration specs). Guide engineers during build and validate controls in testing. Essential Experience Strong background ...

security testing including SAST, DAST, and penetration testing. Understanding of authentication and authorization frameworks (OAuth, JWT, SAML) and familiarity with secure coding practices and threat modelling Experience in test automation tools, frameworks, and practices. The successful candidate will have experience working in a fast-paced and multi-vendor ...

microservices (e.g., Kubernetes, Docker) Build and integrate security solutions for DevSecOps pipelines and collaborate with cross-functional teams to deploy them globally Perform threat modeling for cloud-based workloads and develop corresponding countermeasures Review and assess new third-party cloud and on-premises solutions to identify potential security risks … GitHub Hands-on experience with Infrastructure as Code (IaC) and Policy as Code (PaC) technologies, including Terraform and CloudFormation Demonstrated skills in cloud threat modeling and architectural assessment using tools like IriusRisk Strong knowledge of compliance benchmarks (e.g., CIS, GDPR, PCI-DSS, ISO standards) and industry cloud security standards ...

Role: Lead each project and programme with Secure by Design Identify security risks, constraints, and dependencies, and translate these into clear, prioritised recommendations. Facilitate threat modelling and risk workshops with multidisciplinary teams. Define pragmatic security control expectations aligned to service risk and context. Produce concise written outputs that ...

Secure by Design discovery and assessment activities across digital services Identify security risks, constraints, and dependencies, and translate these into clear, prioritised recommendations. Facilitate threat modelling and risk workshops with multidisciplinary teams. Define pragmatic security control expectations aligned to service risk and context. Produce concise written outputs that ...

modules), and network segmentation for hybrid environments. DevSecOps: Integrating SAST/DAST tools into CI/CD pipelines and automating compliance checks. Security Documentation Threat Modeling: Using frameworks to identify risks in legacy-to-modern transitions. Security Control Sets: Defining controls for data encryption, access management, and audit logging … functional teams (developers, ops, risk owners) to align security with business objectives. Risk Appetite Management: Balancing security requirements with project timelines and budgetary constraints. Threat assessments and risk registers. Security Controls Statement of Applicability . Pre- and post-ITHC compliance reports. UK Government Experience: - Preferred to have 3 years ...

Responsibilities: Security Policy Development: Define and implement robust security policies and tooling across the product lifecycle, ensuring security is integrated from the ground up. Threat Modeling Leadership: Lead threat modeling sessions for both new and existing applications, guiding teams to ensure documented and actionable outputs. Vulnerability Management: Oversee … Incident Commander during incident response efforts, including facilitating tabletop exercises to enhance our incident readiness. Skills & Experience: Expertise: Deep knowledge in vulnerability management, threat modeling, security architecture, and secure software development lifecycle (SDLC) practices. Incident Response Skills: Strong background in incident response, root cause analysis, and managing bug bounty ...

support Central Government on a high-profile contract. This role is ideal for someone with deep expertise in AI security, risk management, and threat mitigation, particularly in government or highly regulated environments. The Role You will play a critical role in ensuring AI systems are secure, compliant, and resilient … with Secure by Design principles Defining and implementing AI governance, risk management, and mitigation strategies, following GDS (Government Digital Service) and NIST frameworks Conducting threat modeling, vulnerability assessments, and security audits for AI systems Advising stakeholders on secure AI development practices, prompt engineering, and safe AI agent deployment Supporting ...

security architecture posture (Entra ID/OIDC, encryption, key management, network zoning, data protection). Produce a high-level design (HLD) with C4 diagrams, threat model (e.g., STRIDE), privacy/data handling assessment, and decision logs (ADRs). Build the architecture runway for Phase 2, with principles, patterns, guardrails … estimated remediation effort. Deliverables (by end of the audit) HLD with current vs target C4 diagrams. Threat model and NFR catalogue with measurable acceptance criteria. Architectural risk/assumptions/issues log and ADRs. Option analysis with cost/benefit and effort estimates. Phased roadmap, integration inventory, and high ...