1 to 25 of 28 Permanent Threat Modelling Jobs in the North of England

expertise and excellence, working collaboratively across government to deliver holistic, customer centric cyber security services. This includes consultancy support that continually evolves to emerging technologies and the ever-changing threat and risk landscape. It is an exciting time to be part of our active and encouraging Cybersecurity and Architecture communities, working within HMRC and across HMG. As an Enterprise … TOGAF and SABSA and Framework adoption such as those in NIST 2.0. Security Tooling Roadmaps: Create detailed roadmaps for security tooling, incorporating vendor investment tracking, horizon scanning, and global threat landscape changes, and communicate these to stakeholders. Baseline Establishment and Design Patterns: Establish baselines for current security technologies and develop design patterns to support solution architects in implementing effective … DNS, NAC, NSPM, and architectures like SASE and Zero Trust. Application Security: Experience with SAST, DAST, RAST, IAST tools, integrating security into SDLC processes, OWASP, API security design, robust threat modelling, and containerization security. Data Security: Skilled in implementing information protection tools, key and secrets management, data loss prevention, and protective marking and classification capabilities. Cyber Security Operations More ❯

part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations … possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion the adoption and adherence to our InfoSec policy, standards, and guidelines. Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats. Incident Response: You … Management (CSPM) tools. Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines. Working knowledge of DevSecOps methodologies. Ability to contribute to cloud solution threat modelling and secure design reviews. A bit about you: Passion! You're genuinely passionate about your career path and love what you do. Communication skills. You can express More ❯

part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations … possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion the adoption and adherence to our InfoSec policy, standards, and guidelines. Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats. Incident Response: You … CSPM) tools. Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines. Working knowledge of DevSecOps methodologies . Ability to contribute to cloud solution threat modelling and secure design reviews. A bit about you: Passion! You're genuinely passionate about your career path and love what you do. Communication skills. You can express More ❯

delivery of critical systems that protect citizens and national interests. Working with the Principal Security Architect, you will own security architecture for a major portfolio, translate business goals and threat intelligence into practical controls, and mentor SEO level architects to raise capability across multiple programmes. You will engage senior stakeholders, balance risk against usability and cost, and shape patterns … user centred delivery. You will analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring. By modelling risks with frameworks such as ISO 27005, NIST, or STRIDE, you will justify design choices to technical and non technical audiences and document them for re use. What You … Security Architect strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling/pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless More ❯

Security at Heywood, your role will be to develop, shape and update the Company’s information security capability, ensuring our hybrid cloud environment remains secure against an ever-changing threat landscape. Key responsibilities include: Information security strategy Continue to develop the Information Security Strategy, ensuring alignment to the Company’s IT strategy and business goals and create the required … Information Security Management System (“ISMS”) Responsible for the Company’s information security capabilities, including the technical training and awareness of colleagues, ensuring it remains prepared against an ever-changing threat landscape Work with the other department heads to develop a security community and security conscious culture. Operational input Contribute to design and architectural decisions and improve the approach to … the Company’s threat modelling Lead on information security incidents and work directly with internal teams and external parties on containment and mitigation activities, as well as preparing for incidents by running threat simulations, tabletop and red team exercises Assess emerging and potential security threats using the Cyber Risk Management Framework and act proactively to mitigate relevant More ❯

company’s information security strategy and operations. You’ll play a key role in ensuring the organisation’s hybrid cloud environment is secure, compliant, and resilient against an evolving threat landscape. Key Responsibilities Strategic Leadership Develop and maintain the Information Security Strategy aligned with IT and wider business goals Build and implement policies, procedures, and board-level metrics to … organisation’s Cyber Risk Management Framework Drive a security-aware culture across departments through training, communication, and engagement Operational Security Oversight Support architectural decisions and strengthen the company’s threat modelling approach Lead incident response efforts and run simulations, red team exercises, and readiness activities Conduct proactive assessments of emerging threats and implement mitigation strategies Oversee vulnerability management More ❯

and public cloud data centers. What you'll Need to Succeed: Strong foundations in software engineering. Minimum of 7 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security. Minimum 2 years experience with Software Development Life Cycle in one or more … cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.) Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Strong background in threat modeling. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10). Familiarity with automated dynamic scanners, fuzzers, and proxy tools. An analytical mind for problem solving More ❯

I am hiring a Lead DevSecOps Consultant on behalf of an exciting consultancy specialising in specialising in cyber security solutions. Their expertise includes risk and threat assessments, ensuring robust security measures for existing and new technologies. They promote a security-focused mindset within DevOps teams, coordinate penetration testing, and document security risks. They foster effective teamwork and manage client … Guide your team in creating forward-thinking approaches to security for various projects, integrating cutting-edge technologies to establish resilient and efficient practices. Proactive Risk Management -Perform assessments and modelling to identify potential threats and implement tailored safeguards for projects and clients. Collaborative Engagement and Leadership - Enhance security awareness and help to develop both the technical and soft skills … Essential: Minimum of 3 years experience in team leadership within cyber security Minimum 5 years experience in DevSecOps or a similar technically focused role Strong leadership skills Expertise in Threat Modelling Strong knowledge of Cloud and Infrastructure Security Experience with compliance of Frameworks and Standards such as ISO 27001, NIST, GDPR etc. Solution oriented mindset Strong interpersonal skills More ❯

security designs as they pertain to the cyber domain. Decomposing cyber and security requirements down to the system control level. Conducting cyber and information security risk assessment activities including threat modelling, vulnerability analysis and analysis of mitigations. Scoping and managing security verification & validation activities and remedial action plans. Coordinating with product engineers, system architects, and developers to provide More ❯

commercial awareness, assessing supplier proposals and driving cost-effective security solutions Ability to integrate security with software innovation while ensuring adherence to organisational standards Expertise in security methodologies, including threat modelling and risk assessment Deep understanding of technology trends and industry standards in information security Proven track record of delivering security-focused assets, including incident reports, secure coding More ❯

engineering partners with cutting-edge tools, techniques, and methodologies to naturally build secure products. What you'll Need to Succeed/Role Requirements: Strong foundations in secure design reviews, threat modeling experience, code reviews, pen-testing Minimum of 3 years of technical experience with any combination of the following: threat modeling experience, secure coding, identity management and authentication … of security principles, compliance regulations, and change management. Experience in running assessments using OWASP MASVS and ASVS. Working knowledge on exploiting and fixing application vulnerabilities. Proven expertise in architectural threat modeling and conducting secure design reviews. In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10 or SANS top 25). Familiarity with automated dynamic scanners, fuzzers More ❯

of security in at least one of the following areas: IP networking & OT On-premises architecture and Virtualization Cloud platforms and Containerization Databases and LLMs Mobile Technologies & Application security Threat modeling techniques to identify security threats to systems, leading to the definition of Security requirements. Managing security requirements through the delivery and operational life cycle of a system. Provision … of authoritative specialist security advice in: Risk and threat-based mitigation to system designs. Control frameworks such as NIST, ISO, CIS. Protective monitoring, Authentication and authorization best practices. Develop excellent working relationships with key stakeholders, peers and subordinates. Communicating effectively verbally and in writing, demonstrated through: Effectively explain complex technical solutions to a non-technical audience. Writing meaningfully to More ❯

Threat Hunter UK (Manchester, Cheltenham or London) We are seeking a highly capable and hands-on Threat Hunter to design and lead a professional threat hunting capability focused on identifying sophisticated adversaries through hypothesis-driven analysis and automation. You will be responsible for proactively detecting and analysing advanced threats across the customers environment. Ensuring our threat models and threat hunts are tightly aligned to industry risks to the customer. This is a high-impact role with significant autonomy. You'll need to think critically, and hunt methodically. As a Threat Hunter, you will actively search for cyber threats that evade traditional security solutions. Your role will involve conducting in-depth analysis, identifying indicators … of compromise (IOCs), and working cross-functionally with the Security Operations Centre Analysts, Detection Engineers, Privacy Team and Engineering Team to mitigate risks. Summary Threat Detection and Monitoring: Design, build, and own a formal threat hunting program with a strong emphasis on hypothesis-based hunting methodologies. Use threat intelligence, MITRE ATT&CK, and risk models to form More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

Event Hub Practical experience with Infrastructure as Code tools like Terraform and Bicep Excellent communication skills and the ability to support and mentor junior colleagues Desirable Skills Experience with threat modelling Background working on globally distributed systems Exposure to financial services or highly regulated environments Who Should Apply: This role is suited to individuals seeking a challenging, high More ❯

and controls. Your work will directly impact our global user base Focusing on Automation. Developing automated, scalable security solutions. Efficiency is key Administering HashiCorp Vault for secrets management Performing threat modeling and analysis to identify and mitigate security risks Managing PKI, TLS, and GPG infrastructure Applying cryptography and security design principles to cloud environments Documenting playbooks, procedures, and architecture … of working with consumer products, web apps, and mobile apps Proficiency in understanding authentication, authorization, and cryptography, with familiarity around modern security standards and best practices. Proficiency in data modelling of roles, permissions, and capabilities Experience with OAuth 2.0 nuances, best practices, and shortcomings Experience securely running and operating web applications, web services, and service-oriented architecture in production More ❯

and controls. Your work will directly impact our global user base Focusing on Automation. Developing automated, scalable security solutions. Efficiency is key Administering HashiCorp Vault for secrets management Performing threat modeling and analysis to identify and mitigate security risks Managing PKI, TLS, and GPG infrastructure Applying cryptography and security design principles to cloud environments Documenting playbooks, procedures, and architecture … of working with consumer products, web apps, and mobile apps Proficiency in understanding authentication, authorization, and cryptography, with familiarity around modern security standards and best practices. Proficiency in data modelling of roles, permissions, and capabilities Experience with OAuth 2.0 nuances, best practices, and shortcomings Experience securely running and operating web applications, web services, and service-oriented architecture in production More ❯

instrumental in driving SOC maturity, optimizing license consumption, and enhancing security visibility across the enterprise. Key Responsibilities Lead the investigation and resolution of high-severity security incidents Conduct proactive threat hunting using Microsoft Sentinel and the Defender suite Develop and fine-tune analytic rules, detection use-cases, and SOAR playbooks Monitor and optimise license consumption across Microsoft security tools … performance of Microsoft security tools Mentor junior SOC analysts and contribute to internal capability development Maintain and enhance incident response playbooks, processes, and documentation Produce regular performance metrics and threat intelligence summaries Required Skills & Experience 5+ years in cybersecurity, with at least 2+ years at SOC Level 3 or senior analyst level Strong expertise in Microsoft Azure , including security … understanding of log management (onboarding, parsing, retention strategies) Demonstrated ability to build and manage detection use cases aligned with evolving threats Familiarity with the MITRE ATT&CK framework and threat modeling Solid understanding of Windows, Linux, networking, and endpoint security Skilled in threat intelligence, digital forensics, and advanced incident handling Experience with SOAR platforms and security automation Excellent More ❯

Our Needs Fluent in English - both written and spoken Demonstrable experience as a Security Architect or similar role Strong knowledge of security standards, protocols, and best practices Experience with threat modelling, risk assessment, and incident response Familiarity with security tools (e.g., Snyk, OWASP ZAP) Excellent communication and collaboration skills Self-learner and ability to execute tasks without supervision … Ability to maintain the highest level of professionalism Activities Assess and design secure system architectures Define and enforce security policies and best practices Conduct threat modelling and risk assessments Collaborate with development teams to ensure secure coding practices Review and recommend security tools and technologies Respond to security incidents and perform root cause analysis Acquired Experiences and Demonstrable More ❯

solutions from design through to delivery. Develop reusable security patterns, architecture principles, and frameworks. Drive security architecture across digital programmes such as ITSM (ServiceNow) and back-office modernisation. Conduct threat modelling , risk analysis, and define security requirements for systems including remote access (VPNs) and secure OT-to-IT data exchange. Ensure compliance with industry standards such as ISO27001 More ❯

applying security technologies to architectures and solution designs, such as Privilege Access Management, SSO, IDAM, Network security and encryption Understanding of IT infrastructure, technical concepts, and design methodologies Understand threat modelling and development of reference architecture Ability to learn and adapt quickly Preferred hands on experience in Network and/or Cloud security Ideally hold SABSA/TOGAF More ❯