1 to 25 of 47 Permanent Threat Modelling Jobs in the UK

resilient to evolving cyber and information threats. Key Responsibilities Identify, interpret, and integrate security requirements throughout the product and system development lifecycle . Lead threat modelling and risk assessments , applying recognised frameworks such as ISO/IEC 27001, NIST 800-30/53, and ISO 31000. … configure industry-standard threat-modelling tools (e.g., STRIDE-based tools, attack-tree tooling). Provide expert advice on secure architectures, ensuring risks are understood, prioritised, and mitigated. Ensure compliance with MOD and HMG standards, including JSPs, Def Stan 05-138/05-139 , and ISN 23/ ...

early. You'll work closely with Software Development teams to ensure application-based vulnerabilities are understood, prioritised, and remediated effectively. You'll contribute to threat modelling, penetration testing, secure design reviews, and the continuous improvement of security testing methodologies. The role also plays a key part in enhancing … SECURITY SPECIALIST ESSENTIAL SKILLS: * Hands-on experience with static and dynamic application security testing tools * Strong understanding of OWASP principles and their use within threat modelling * Experience conducting and reporting on web application penetration testing * Knowledge of software development practices and common programming languages * Working knowledge ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

. Youll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. We dont expect you to know everything … just to be curious, practical, and willing to dive in. What Youll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/ ...

dissect designs, model attack paths, and show engineering teams what “good” really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. They don’t expect you to know everything — just … curious, practical, and willing to dive in. What You’ll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/CD gates ...

testing frameworks The AI Security Engineer is responsible for securing AI platforms and systems against adversarial threats. The role focuses on technical security controls, threat modelling, red teaming, and continuous monitoring of AI systems. Focus of the role Design and implement security controls for AI and LLM systems … Perform AI-specific threat modelling and risk analysis Lead red team and blue team testing of AI platforms Conduct prompt injection and adversarial testing Knowledge & Experience Strong background in security engineering and cloud security Hands-on experience with AI red teaming and adversarial testing Familiarity with AI security ...

cryptography) Solid understanding of IAM concepts (RBAC, ABAC, PAM, SSO) Strong analytical skills with the ability to interpret complex technical information Good understanding of threat modelling and threat intelligence methodologies (OWASP, STRIDE, MITRE) For more details, please reach out to . Reasonable Adjustments: Respect and equality ...

IaaS, PaaS, SaaS, CASB, Zero Trust and micro-segmentation. Demonstrate a strong understanding of IAM including RBAC, ABAC, PAM, provisioning, compliance and SSO. Apply threat-modelling approaches including OWASP, PASTA, STRIDE, MITRE ATT&CK, threat intelligence and threat hunting. Desirable Experience Design and assure secure network … architectures and enterprise security solutions. Designing or assuring SOC operations, including monitoring and response. Overseeing penetration testing, vulnerability assessments and remediation lifecycle. Integrating threat intelligence into operations and strategic planning. Essential QualificationsCertified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)Security ClearanceSecurity Check (SC) Clearance is required. ...

client audit requests as they relate to AI use at the firm. Perform detailed security analysis of application architectures to provide assurance. Understand threat modelling and participate in major incidents responses with IAM and AI components. Review and approve the IAM components of solution designs. Collaborate with cloud ...

align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share … adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure ...

world national security impact, while enjoying hybrid working and strong professional development opportunities. Skills Secure architecture design and secure-by-design principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

Design Familiarity with: JSP440, JSP604/453, JSP490 Supplier Chain Assurance GDPR, PCI DSS, ICO ISO 27001, NIST CSF, CIS Controls v8 Skills in: Threat modelling (kill chain, attack trees, etc.) Cloud security (AWS, Azure), containerisation, firewalls Secure SDLC HLD/LLD review ITHC scoping and remediation Certifications ...

principles, standards and patterns Design and assure security controls for new and existing systems, platforms and integrations Conduct security architecture reviews, risk assessments and threat modelling Provide pragmatic guidance to engineering teams, architects and third-party suppliers Ensure alignment between security architecture, enterprise architecture and technology roadmaps Support ...

delivering high-quality cyber risk assessments and assurance in complex digital environments, preferably in government or critical infrastructure. Strong knowledge of cyber risk management, threat modelling, security architecture, and IT Health Checks, including experience with SaaS and cloud security. Skilled at applying cyber security standards, regulatory frameworks ...

portfolio of assignments, advising on risk, architecture, and secure delivery for nationally critical systems. Key responsibilities include • Engaging directly with client teams to understand threat landscape, risk appetite, and delivery constraints • Defining and documenting proportionate security architectures aligned to business outcomes • Leading threat modelling and security design ...

reviewing and identifying security control gaps in design documents, providing recommendations for amendments and mitigation. We are looking for: Strong experience of performing threat modelling exercises Experience of reviewing high/low level architecture definition documents for compliance against security policies and standards Knowledge of technology risk ...

performance optimization across environments. Ensure cloud architectures support observability, fault tolerance, and high availability. Data Engineering & Intelligent Systems Guide the engineering team in data modelling, data access patterns, and efficient use of databases (MSSQL, PostgreSQL, MySQL). Work with data engineers to enable secure, efficient data movement between systems … reliable data sources and APIs. Security Engineering & Governance Partner with security engineers to integrate security throughout the software lifecycle (shift-left security, secure coding, threat modelling). Own the implementation of secure authentication/authorization practices, audit logging, encryption at rest/in transit, and other application security ...

products and components. Examples of the tasks, include, but are not limited to; assessment to latest cybersecurity standards, penetration testing (IoT and WebApp), threat modelling, firmware investigation, code analysis etc. This service will be provided to external clients, who will predominantly be manufacturers of wired and wireless … related controls (encryption, digital signatures, secure boot, access control, password management). Understanding how to implement security activities such as vulnerability and patch management, threat intelligence etc. Hands-on practical knowledge with reverse engineering and/or vulnerability testing tools and techniques. Experience in common scripting languages such ...

clicks. As a Cloud Security Engineer you will design AWS cloud solutions, implement and manage security controls between AWS and Kubernetes EKS environments, conduct threat modelling, code review and penetration testing on the AWS infrastructure, configure and manage web application firewall rules and automate security checks and repetitive ...

risk assessments and developing risk treatment plans. Design & implement security technology, services and solutions Deliver security consultancy into projects, ensuring secure by design Conduct threat modelling, risk assessments and control gap analysis Produce and maintain security standards, patterns, and operational documentation Monitor and recommend security improvements to systems ...

ensure compliance and security standard processes. Evaluate and integrate new identity tools, authentication platforms and access capabilities. Drive continuous improvement through risk assessments, threat modelling, and automation. What you'll need to succeed Strong practical experience in designing and running Identity and Access Management (IAM) solutions for both ...

range of other perks Your role: As a Test Engineer you'll play a key role in building security into applications, carrying out threat modelling and risk assessments during the design phase to ensure solutions are secure by default. You'll help define security requirements for new features ...

fixes to reduce manual work Work with engineering teams to fix vulnerabilities at pace Operate and improve cloud security tooling, including Wiz Support audits, threat modelling and security reviews Mentor junior DevSecOps engineers and support skill development Qualifications What we’d love you to bring: Strong hands ...