1 to 25 of 90 Permanent Threat Modelling Jobs in the UK

play a critical role in designing, assuring, and delivering secure solutions across our client engagements. You will champion Secure by Design principles and lead threat modelling activities to ensure risks are identified and mitigated early in the lifecycle. Working closely with stakeholders, you will define security architectures, ensure … Design - Embed security into every stage of the solution lifecycle, ensuring systems are designed with security controls from the outset rather than retrofitted. Threat Modelling - Lead and facilitate threat modelling exercises (e.g. STRIDE), identifying vulnerabilities and defining mitigations early in delivery Risk Assessment - Identify, assess ...

position offering the opportunity to work with a diverse portfolio of clients, helping them strengthen their security posture and manage risk in an evolving threat landscape. You will play a key role in delivering security advisory services, conducting assessments, and supporting organisations in aligning with industry standards and best … practices. The role will also involve supporting clients with modern security challenges including threat modelling, secure-by-design practices, and emerging AI security considerations. Key Responsibilities Provide expert guidance on information security strategies, frameworks, and best practices Conduct security risk assessments, gap analyses, and audits Support clients ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

engineering teams to embed automated security testing and guardrails into development workflows. Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum-security requirements for applications and APIs. Partner with engineering, platform, and product teams to embed secure-by-design principles into … development team, providing hands-on technical leadership across design, development, and operation. Perform deep-dive security activities for the team, including threat modelling, code-level reviews, and vulnerability triage/remediation support. Oversee and coordinate third-party application security reviews, ensuring consistent assessment standards and effective risk management ...

engineering teams to embed automated security testing and guardrails into development workflows. Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum-security requirements for applications and APIs. Partner with engineering, platform, and product teams to embed secure-by-design principles into … development team, providing hands-on technical leadership across design, development, and operation. Perform deep-dive security activities for the team, including threat modelling, code-level reviews, and vulnerability triage/remediation support. Oversee and coordinate third-party application security reviews, ensuring consistent assessment standards and effective risk management ...

alignment with industry frameworks and government standards. You will work closely with engineering, delivery, and governance teams to define and document architectural patterns, lead threat modelling activity, and provide hands-on guidance across cloud workloads and infrastructure. Key Responsibilities Design and own end-to-end security architecture across … programme objectives. Develop and maintain architectural artefacts including HLDs, LLDs, and security design documentation in line with standards and wider government frameworks. Lead threat modelling and risk assessment activities across cloud workloads, identifying security gaps and providing actionable remediation guidance. Ensure adherence to relevant security frameworks including NCSC ...

risks and benefits of competing Security design options. Comfortable working on multiple challenging projects simultaneously. Mandatory skills Experience require with security consultancy delivery (e.g. threat modelling, secure design, driving decisions) Experience with cloud-native platforms and modern architectures Developing a more security-led perspective, rather than primarily infrastructure … practical application Gaining further exposure to security standards and regulatory frameworks (e.g. PCI DSS, data protection) Strengthening end-to-end security design capability (e.g. threat modelling, control coverage) Providing clearer examples of individual contribution and ownership in security decisions Any experience of these would be really useful Awareness ...

primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

primary security resource for development teams, providing technical advice on vulnerability fixes and secure coding practices (e.g., adherence to the OWASP Top 10). Threat Modelling: Conduct formal threat modelling exercises for new features and application architectures to proactively identify and mitigate design flaws. B. Systems ...

architectures aligned to business and technical requirements. Collaborate with multidisciplinary teams to ensure security considerations are embedded across the entire delivery lifecycle. Conduct security threat modelling, risk assessments, and security architecture reviews for critical systems and services. Develop and maintain security reference architectures, standards, principles, and best practices. … Security Architect within Central Government, Defence, or highly regulated environments. Strong understanding of enterprise security architecture principles, methodologies, and frameworks. Hands-on experience performing threat modelling, security risk assessments, and secure solution assurance. Experience designing secure cloud and hybrid architectures using Microsoft Azure and/or AWS. Strong ...

security testing methodologies and tooling Embed security into CI/CD pipelines and DevSecOps practices Influence secure‐by‐design engineering approaches across teams Lead threat modelling and communicate risks effectively Mentor engineers and support capability growth within the function Shape how security is implemented across modern, scalable platforms … secure development and testing practices Integrate security tooling into continuous delivery pipelines Work closely with engineering teams to ensure security is embedded early Lead threat modelling exercises across systems and architectures Support adoption of security frameworks and compliance standards Mentor and develop engineers within the security capability Stay ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

capabilities (eg SAST, DAST, SCA, container and cloud security tooling) Define and implement secure engineering standards, including secure coding, infrastructure-as-code security, and threat modelling practices Partner with Vulnerability Management and broader security teams to ensure effective identification, prioritisation, and remediation of risks in line with agreed … DevSecOps environments Experience embedding security into CI/CD pipelines (eg using AWS, Azure, or GitHub-based workflows) Strong knowledge of secure development practices, threat modelling, and vulnerability management Solid understanding of modern software engineering practices and cloud-native architectures Why Join? Be part of a long-term ...

capabilities (eg SAST, DAST, SCA, container and cloud security tooling) Define and implement secure engineering standards, including secure coding, infrastructure-as-code security, and threat modelling practices Partner with Vulnerability Management and broader security teams to ensure effective identification, prioritisation, and remediation of risks in line with agreed … DevSecOps environments Experience embedding security into CI/CD pipelines (eg using AWS, Azure, or GitHub-based workflows) Strong knowledge of secure development practices, threat modelling, and vulnerability management Solid understanding of modern software engineering practices and cloud-native architectures Why Join? Be part of a long-term ...

capabilities (eg SAST, DAST, SCA, container and cloud security tooling) Define and implement secure engineering standards, including secure coding, infrastructure-as-code security, and threat modelling practices Partner with Vulnerability Management and broader security teams to ensure effective identification, prioritisation, and remediation of risks in line with agreed … DevSecOps environments Experience embedding security into CI/CD pipelines (eg using AWS, Azure, or GitHub-based workflows) Strong knowledge of secure development practices, threat modelling, and vulnerability management Solid understanding of modern software engineering practices and cloud-native architectures Why Join? Be part of a long-term ...

deployment/integration of security capabilities into engineering teams within the product domain. • You will drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., with the engineering teams. • Reducing friction is paramount and we are all about fast feedback within existing … console for a developer to check. • Support teams in a collaborative manner in matters of mobile application, web application, cloud and data security, with threat modelling, risk treatment and security advice across all security domains. If you can raise a PR to fix a security issue, do so. ...

cloud infrastructures. Contribute to blogs and research within the Cyberfort community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling – Kill Chain – Attack tree analysis. Certifications: AWS/Azure Security Professional, CCSP, CISSP, CISM, CIISEC, UK Cyber Security Council registration (Chartered ...

candidate will report to the Head of Cyber Security and will lead the Security Engineering function, which covers Identity and Access Management, Cloud Security, Threat Modelling, and Application Security. This is a senior role that will shape Icelands security architecture and ensure that security is embedded … principles and technologies. Experience of working within a predominantly Microsoft environment. Expertise in cloud security (Microsoft Azure; AWS experience desirable). Ability to perform threat modelling and provide secure design guidance for projects and applications. Excellent communication and stakeholder engagement skills. Ability to influence and embed security practices ...

into complex IT and digital initiatives Advise clients on cyber risk, governance and regulatory compliance frameworks including: ISO 27001 NIST GDPR PCI-DSS Conduct threat modelling and identify security vulnerabilities within solution designs Recommend pragmatic risk mitigation strategies to technical and non-technical stakeholders Support the implementation … IDAM Privileged Access Management (PAM) Single Sign-On (SSO) Network Security Encryption technologies Understanding of infrastructure, architecture methodologies and secure design principles Experience with threat modelling and reference architecture development Excellent stakeholder engagement and communication skills Ability to learn quickly and adapt within fast-paced environments Desirable Experience ...

including ISO 27001, NIST, GDPR, and PCI-DSS Communicate security risks, secure design principles, and mitigation strategies to technical and non-technical stakeholders Conduct threat modelling and support development of secure reference architectures Identify vulnerabilities within systems and articulate associated risks Research and solve complex security challenges through … Experience applying security technologies including PAM, SSO, IDAM/IAM, network security, and encryption Understanding of IT infrastructure, architecture, and solution design Experience with threat modelling and secure-by-design approaches Hands-on experience in Network and/or Cloud Security SABSA, CISSP, or similar certification Current ...

part of a bigger team, working with a group of a Senior Security Architects and Digital Engineering stakeholders to produce security architecture artifacts, threat modelling, design assurance, and reusable patterns that strengthen the programme’s security posture. Key Responsibilities: You will lead and deliver core security architecture outputs … including: Digital Engineering Security Artifacts and Engagement Report Security Requirements Specification Security Principles Framework Infrastructure Mapping Document & Security Architecture Design Pack Threat Modelling Report Reusable Security Pattern Library Knowledge Transfer Pack (training materials, handover content, recorded walkthroughs) We are looking for someone with: Extensive Security Architecture/Security ...

embed security into lifecycle governance Define and implement a modern DevSecOps tooling strategy (CI/CD, SAST/DAST, SCM, automation) Drive secure coding, threat modelling, and supply chain security practices (SBOM, provenance, signing) Develop KPIs, metrics, and maturity models to track and continuously improve SDLC performance Build … NIST SSDF, OWASP SAMM/ASVS, ISO 27034) Strong understanding of modern engineering practices (Agile, CI/CD, cloud, automation) Expertise in application security, threat modelling, and secure coding standards Experience implementing tooling ecosystems (e.g. SAST, DAST, SCA, pipeline automation) A track record of influencing senior stakeholders ...

guardrails into CI/CD pipelines in partnership with engineering and platform teams. Defining and maintaining secure development standards, secure coding guidelines, and threat-modelling practices. Providing practical, risk-based security guidance to engineering, product, and architecture teams. Working with our Vulnerability Lead to drive identification, triage … into CI/CD pipelines (eg, GitHub, AWS DevOps). Strong understanding of Agile, DevOps, and cloud-native architectures. Practical experience with secure coding, threat modelling, and vulnerability management. Strong problem-solving skills and the ability to prioritise risk in line with business needs. ...