1 to 25 of 124 Permanent Threat Modelling Jobs in England

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

intersection of Salesforce development and security engineering . You'll play a critical role in enhancing the security posture of our Salesforce platform-contributing directly to secure code practices, threat modelling, and security testing across our CI/CD pipeline. This role is ideal for someone with engineering roots who has evolved into the security space and is … to assess and uplift Salesforce security maturity. Own and improve pipeline security including static code analysis (SAST), dynamic application security testing (DAST), dependency checks, and secure deployment patterns. Conduct threat modelling for Salesforce-based estates, identifying and mitigating risks early in the development lifecycle. Perform and refine security tests across APIs and applications within the Salesforce environment. Work … how engineering and security intersect. Strong grasp of secure coding practices and experience running DAST/SAST on Salesforce environments. Exposure to or working knowledge of DSOMM , OWASP, and threat modelling methodologies. Experience integrating security into CI/CD pipelines , especially in complex enterprise platforms. Ability to approach platform security from an engineering-first mindset , not just compliance. More ❯

us embed secure-by-design thinking across the BBC. You'll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You'll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy. It's a high-trust role with real impact … InfoSec on shared tooling, templates and enablement. Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines. Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows. Review technical designs, proposals and code for alignment with security policies, architecture patterns and assurance requirements. Act … credibly - whether explaining risk trade-offs to a squad or feeding technical insight into an assurance board. It's a bonus if you've also: Facilitated or contributed to threat modelling sessions using frameworks like STRIDE or DFDs. Reviewed designs and code with a security lens and an eye for policy alignment. Navigated delivery in regulated, public service More ❯

strategy across infrastructure, applications, and data. Lead hands-on development of security roadmaps, maturity models, and control frameworks tailored to Fuse's risk profile. Directly contribute to architecture reviews, threat modelling sessions, and key design decisions across product and platform teams. Build and mentor a high-performing security team, including hiring, coaching, and managing performance. Develop KPIs and … data protection, access control, and insider risk. Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews of critical systems; design and deliver security awareness training programs for all employees to promote a culture of … proactive risk management. Build threat intelligence capabilities to stay ahead of emerging risks. Balance risk management with product and engineering velocity. Incident Response & Resilience Own response plans for high-severity threats and incidents. Build robust detection, containment, and remediation processes. Drive business continuity and disaster recovery strategy. Technology & Infrastructure Security Partner with engineering to embed security in the SDLC More ❯

architectural guidance for cryptographic key management, signing workflows, and secure APIs. Evaluate and enhance security of components related to digital asset management, identity systems, or transaction flows. Risk Management & Threat Modelling Conduct comprehensive threat modelling and risk assessments, especially around distributed or high-value transaction systems. Define controls for securing sensitive operations such as wallet integrations … off-chain/on-chain data flows, and internal tooling. Develop and manage internal threat intelligence processes to proactively identify and mitigate emerging risks. Security Operations & Incident Response Lead response to advanced threats and incidents, including analysis, containment, and remediation. Build and optimise detection mechanisms and playbooks for novel attack vectors, including abuse prevention and fraud detection. Governance, Compliance More ❯

part of our culture and success. How will you contribute? Secure SDLC Support : Assist in integrating security practices into the software development lifecycle, including design reviews and backlog grooming. Threat Modelling : Participate in structured threat modelling exercises with guidance from senior team members. Vulnerability Triage : Work with engineering teams to review findings from SAST, SCA, DAST … Experience working in SaaS, multi-tenant cloud environments. Knowledge of machine learning security (AI/ML model risks, LLM security best practices). Familiarity with attack surface management and threat intelligence. Relevant certifications (e.g., Security+, SSCP, GSEC) are a plus but not required. What do we offer? We value our people and offer a competitive salary along with company More ❯

Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support our Security Champions Assist in the execution of Threat Hunts, pentests and Threat Modelling … AWS Certified Security Familiarity with TCP/IP, DNS, firewalls, VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerability management practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with audit principles and different information security compliance standards More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing: Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

expertise to help security and engineering teams across the enterprise embed security into the product development lifecycles. This role is the key advisor on AppSec standards, secure development practices, threat modelling, and security tooling (e.g. SAST, DAST, SCA, IaC scanning, container security, etc.), ensuring consistency and maturity in how applications are built and maintained. By aligning teams with … e.g. vulnerability MTTR, scan coverage, risk acceptance trends) and report findings to leadership and the Global Cyber Council. Coordinate secure architecture reviews for critical application initiatives and provide consultative threat modelling support to large cross brand projects. Continuous Improvement & Innovation: Know the latest on emerging application security technologies, industry best practices, and threat trends. Evaluate new tools More ❯

engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Collaborative and detail-oriented, able to work across international teams and regulatory boundaries. Desired skills Experience supporting cybersecurity assurance within other EASA/… responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer More ❯

delivery of critical systems that protect citizens and national interests. Working with the Principal Security Architect, you will own security architecture for a major portfolio, translate business goals and threat intelligence into practical controls, and mentor SEO level architects to raise capability across multiple programmes. You will engage senior stakeholders, balance risk against usability and cost, and shape patterns … user centred delivery. You will analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring. By modelling risks with frameworks such as ISO 27005, NIST, or STRIDE, you will justify design choices to technical and non technical audiences and document them for re use. What You … Security Architect strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling/pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless More ❯

Drive the integration of security into every stage of the Software Development Lifecycle (SDLC). Design, implement, and manage security controls to ensure secure product design, development, and deployment. Threat Analysis and Mitigation : Collaborate with cross-functional teams to perform threat modelling, identify security risks, and implement effective countermeasures. Proactively assess the security posture of applications through … vulnerability scanning solutions. Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC). Technical Knowledge and Implementation experience: Direct experience with threat modelling, security reviews, and penetration testing. Proven ability to secure cloud-native architectures, containerization technologies, and Infrastructure as Code (IaC) environments. Familiarity with industry standards and frameworks such More ❯

to be the engineer that can dissect designs, model attack paths, and give hands-on examples to teams of what good looks like. On any given engagement you might threat model, assess pipelines, learn a DSL from a security vendor so that you can complete a proof of concept, or build toolkit to help your team. We don't … expect you to know it all. Responsibilities: Threat modelling & architecture reviews - break down new AWS-backed services, map trust boundaries, build attack trees, and define security requirements before a single line of code is merged. Security automation - write and maintain IaC-driven checks, custom Lambda/Step-Functions, CI/CD gates, and CSPM rules so that secure … About the candidate: Must-haves A minimum Bachelor's degree (2.1 or higher) is required in Computer Science, or in a Technology-related field Deep AWS internals knowledge Proven threat-modelling chops (STRIDE, attack-trees, or other methodologies ). Strong coding ability in at least one language (Python, Go, Rust, etc.). CI/CD security automation (GitHub More ❯

of applications. Collaborate with empowered teams to ensure secure design, development, implementation, and verification of applications. Provide remediation guidance and recommendations to developers and administrators. Participate in and advance threat modelling practices across the division. Help stakeholders make risk-based decisions. Train developers and create educational presentations. Develop tools and automation supporting responsibilities. What You Bring to The … identify threats. Excellent ability to communicate, verbally and in writing, complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management. Strong experience in threat modelling software systems. Certification in CISSP or CCSP, it's a plus. Strong problem-solving capabilities using various technologies. Capability to research a new topic and to learn More ❯

implement scalable security mechanisms and tooling across diverse customer environments and architectures. • Engage directly with CISOs, enterprise architects, and security executives to co-develop secure-by-design solutions. • Lead threat modelling, posture review, and detection design efforts targeting systemic risk. • Build automation and detection systems directly or in collaboration with engineering teams to reduce manual effort and accelerate … regulated or high-trust environments such as finance, energy, or government • Prior experience designing or contributing to security automation mechanisms at scale • Strong understanding of cloud-native security principles, threat modelling, and secure design patterns • Demonstrated ability to collaborate and deliver results across organisational and technical boundaries Amazon is an equal opportunities employer. We believe passionately that employing More ❯

Our Needs Fluent in English - both written and spoken Demonstrable experience as a Security Architect or similar role Strong knowledge of security standards, protocols, and best practices Experience with threat modelling, risk assessment, and incident response Familiarity with security tools (e.g., Snyk, OWASP ZAP) Excellent communication and collaboration skills Self-learner and ability to execute tasks without supervision … Ability to maintain the highest level of professionalism Activities Assess and design secure system architectures Define and enforce security policies and best practices Conduct threat modelling and risk assessments Collaborate with development teams to ensure secure coding practices Review and recommend security tools and technologies Respond to security incidents and perform root cause analysis Acquired Experiences and Demonstrable More ❯

on after. With you, we'll be a Product Security team of 4, sitting within a larger InfoSec team of 18. Our current projects include ongoing security assessments and threat models of new, in-house created AI-based systems, improving our security tools - such as SAST and SCA, refining a SLSA strategy, helping to roll out an upcoming bounty … product teams and third-party assessors when the situation calls for it Weighing in on technical architecture discussions, ensuring security is considered from the very inception of new features Threat modelling upcoming features, providing a more technical and hands-on steer when necessary to illustrate security concerns with proposed feature implementations Overseeing secure engineering training programmes, keeping our … learn the other too Fundamental networking and OS knowledge - you should know how to debug a failing DNS connection, comfortable with command line tools, and broader computing principles Comfortable threat modelling, assessing the balance between features and security. Being able to explain the trade-offs to less technical stakeholders Basic scripting knowledge - we have some in-house tools More ❯

drive awareness of security from the earliest stages of design through to deployment. You'll help integrate automated security tooling and checks into our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You'll also ensure that tools such as SAST, DAST, and SCA are effective and … in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud environments (especially AWS), containers, and microservices Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture Strong communicator who collaborates well with engineers and promotes secure-by-default practices We might not be right for you if: You More ❯

that requires a higher level of resolution. Assist with Problem and Change management support for the resolution of incidents. Proactively identify opportunities of improvement from a technical perspective. Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring Pre-requisites: Experience of 9-12 years in advanced security technologies Strong security More ❯

organisation is seeking a VP-level DFIR Manager to lead its Digital Forensics and Incident Response (DFIR) team. This is a hands-on leadership role focused on incident response, threat detection, and forensics within a complex, regulated environment. You'll be responsible for advancing the organisation's incident response capabilities, leading investigations, and driving threat detection maturity through … development of use cases, threat intelligence, and vulnerability management. Key Responsibilities Lead the DFIR function, overseeing incident detection, investigation, and response activities. Develop and implement IR methodologies (MITRE ATT&CK, Kill Chain, Threat Modelling, Diamond Model). Conduct forensic investigations on systems, networks, and endpoints. Refine threat hunting and threat intelligence capabilities. Support and mature … security monitoring use cases (SIEM, packet inspection, IOCs). Coordinate cross-functional security incident response with SOC, Threat Intelligence, and Red/Blue teams. Engage with technical and business teams on cyber risk reduction strategies. Contribute to vulnerability management and remediation plans. Required Skills & Experience Proven experience managing DFIR or cyber incident response teams. Deep technical knowledge of IR More ❯