1 to 25 of 78 Threat Modelling Jobs in England

product teams to ensure security is integrated into design and development activities. Provide architectural guidance across agile sprints and feature releases. Security Risk & Threat Analysis Conduct threat modelling independently across application and platform designs. Perform risk assessments to identify vulnerabilities and architectural weaknesses. Design appropriate security controls … Practice, supporting the maturity of the clients security architecture capability. Help identify capability gaps and support the development of consistent approaches across teams, including: Threat modelling frameworks Secure development lifecycle practices Security architecture standards Provide ad-hoc security architecture support across other programmes where needed. Essential Skills & Experience ...

appetite, and regulatory requirements. Solution Delivery : Provide architectural guidance during project lifecycle (HLD/LLD), review designs, and ensure solutions meet security requirements. Risk & Threat Management : Conduct threat modelling, assess vulnerabilities, and ensure appropriate mitigating controls are designed and implemented. Governance & Standards : Define and maintain security policies …/LLD, patterns, data flows). Hands on understanding of cloud environments (Azure/AWS/GCP), networks, applications, and data protection. Familiarity with threat modelling, risk assessment, and regulatory compliance. Excellent communication skills, able to explain complex security topics to technical and non-technical audiences. Technical standards ...

/Hybrid/Remote The ideal candidate will have an active Security clearance and a strong background in Cyber Security Assurance within a high-threat government environment. Skills and experience. Experience in producing GovAssure and Secure-By-Design assessments, including Risk Assessment Papers, Risk Treatment Plans, Risk Business Cases … Management Plans. Knowledge and experience with security architecture and Security Information and Event Management (SIEM) tools, such as Splunk, Defender, Sentinel, ELK, and Tenable Threat Modelling System solutions. Extensive understanding of cybersecurity threats, attack vectors, vulnerabilities, and security controls. Demonstrable knowledge of cybersecurity frameworks and standards, including ...

security professionals who want to transition into a GenAI-focused career path and develop deep expertise in securing AI/ML systems. Key Responsibilities Threat Analysis and Vulnerability Assessment Conduct regular threat modelling and vulnerability assessments across AI/ML systems, including data pipelines, model APIs … skills in Python and Bash Strong knowledge of cloud technologies, specifically AWS and Azure Strong understanding of API development and API security Experience with threat modelling, penetration testing, and vulnerability assessments Familiarity with secure software development practices (OWASP, DevSecOps) Interest in or exposure to data science ...

secure architecture patterns across cloud, infrastructure, applications, and data platforms. Provide architectural security guidance throughout the project lifecycle , including HLD and LLD reviews. Conduct threat modelling, vulnerability assessments, and risk analysis , ensuring appropriate mitigation strategies. Define and maintain security standards, policies, and guardrails aligned to regulatory obligations such … high-quality architecture documentation (HLD, LLD, security patterns, data flows). Hands-on understanding of cloud environments (Azure, AWS, or GCP) . Knowledge of threat modelling, risk assessment, and regulatory compliance frameworks . Strong communication skills with the ability to explain complex security concepts to both technical ...

deployment and tuning (Defender for Endpoint, CrowdStrike), Intune/Jamf device management, privileged access workstations, JIT/JEA models API and application security: threat modelling (STRIDE/PASTA), OAuth 2.0/OIDC implementation review, secrets management (Key Vault, HashiCorp Vault), and secure SDLC integration PKI, certificate lifecycle automation … automation and IaC: Python, PowerShell, Terraform, Bicep, or Sentinel analytics rules - you codify controls, you do not document them MITRE ATT&CK coverage mapping; threat hunting, adversary emulation, and proactive gap analysis against realistic TTPs Cloud infrastructure - Azure preferred, AWS considered; IAM, managed services, automated and auditable deployment pipelines ...

security risks, issues, and mitigation plans throughout the delivery lifecycle. Ensure security requirements are captured, validated, and integrated into design and delivery documentation. Support threat modelling, risk assessments, and security reviews. Maintain and update assurance artefacts, including design documentation, risk registers, and compliance checklists. Facilitate security sign … governance processes. Strong communication and stakeholder engagement skills. Ability to interpret technical documentation and translate security requirements into actionable tasks. Desirable Skills Experience with threat modelling tools and techniques. Knowledge of cloud security (AWS, Azure, GCP). Understanding of regulatory and compliance frameworks. Background in cyber security ...

teams, and strengthening enterprise security posture-particularly across Microsoft 365, Azure, data platforms, and AI-enabled solutions. You will play a key role in threat modelling, risk assessments, guardrail design & implementation, and delivering practical security guidance for engineering, data, and application/product teams. Rationale/deliverables: Contribute … enhanced productivity systems Support the roll-out of the new AI information security control framework Support the Data governance team Key Responsibilities Perform threat modelling (STRIDE), guardrail definition, and security posture assessments across applications, data platforms, APIs, cloud services, and SaaS ecosystems. Identify security control gaps , especially around ...

. Youll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. We dont expect you to know everything … just to be curious, practical, and willing to dive in. What Youll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/ ...

delivery without owning build or operations. Key Responsibilities Attend regular project and design meetings to understand requirements and delivery milestones. Perform initial and iterative threat modelling for new features, integrations, and architectural changes. Advise on secure architecture design, including IAM, network segmentation, encryption, and data protection. Recommend … being consistently applied. Essential Experience Proven experience as a Security Architect or senior cyber security consultant in digital delivery environments. Strong Secure by Design, threat modelling, and risk-based security expertise. Experience advising product teams in agile, cloud-based delivery contexts. Confident engaging with architects, developers, and delivery ...

strategic change projects; define and implement security standards across the full software development lifecycle; develop API security standards and secure integration patterns and conduct threat modelling and risk assessments for new technology implementations. Location/WFH: There's a hybrid work from home model with three days … office with rooftop bar. About you: You have an in depth knowledge of application security and secure software development You have experience of conducting threat modelling, security risk assessments and architecture reviews You're collaborative and pragmatic with great communication skills Apply now to find out more about ...

associated guidelines. Ensuring alignment of security risk assessments to UK Defence policies and standards, such as GovS 007: Security and DEFSTAN norms. Performing threat modelling and assessment utilising STRIDE-LM and MITRE ATT&CK frameworks, integrating results into risk assessment reports. Conducting Business Resilience and Single Point … NIST guidelines like 800-30 and 800-53. Solid understanding and experience with UK Defence security frameworks and relevant policies. Experience in conducting threat modelling and assessments using frameworks such as MITRE ATT&CK and STRIDE-LM. Experience in reconciling information security risk against critical asset ...

help embed secure development practices across their software and related hardware products. Youll work closely with engineers and leadership to drive secure SDLC, lead threat modelling, assess vulnerabilities, and support alignment with the EU Cyber Resilience Act. Key experience: Product Security/Application Security/Secure SDL Familiarity … with threat modelling and vulnerability assessments Good understanding of software principles Secure coding principles/OWASP Ability to engage with software teams and speak their language Hands-on, engineering-facing role with real influence across product development. ...

Analyst with expertise across Microsoft Security stack, including Microsoft XDR, Microsoft Defender, Sentinel, and the wider M365 security ecosystem. You'll be handling IR, threat detection, threat hunting, lead complex investigations and develop advanced detection content. What you'll do: Lead and manage high-severity security incidents from … identification through containment, eradication, recovery, and post-incident reporting Perform advanced threat hunting using Microsoft Defender XDR, Sentinel, KQL, and other telemetry sources to identify emerging threats, anomalous behaviour, and undetected malicious activity Develop, tune, and maintain Sentinel analytics rules, workbooks, playbooks (Logic Apps), and custom detection use cases ...

define and implement the reference architectures, toolchains and technical baselines that enable end-to-end traceability across the Digital Thread - from security objectives and threat modelling through to verification, validation and assurance evidence. This role replaces document-centric practices with authoritative, model-based security engineering across the full … product lifecycle. Key Responsibilities Deliver and continuously improve Product Security digital toolchains, including: Threat & risk modelling (STRIDE, STPA-Sec, TARA, attack trees) Security requirements & controls modelling SBOM & vulnerability management Cryptography & key management governance Configuration/change control Verification & validation orchestration Security/assurance case evidence Define Product ...

define and implement the reference architectures, toolchains and technical baselines that enable end-to-end traceability across the Digital Thread - from security objectives and threat modelling through to verification, validation and assurance evidence. This role replaces document-centric practices with authoritative, model-based security engineering across the full … product lifecycle. Key Responsibilities Deliver and continuously improve Product Security digital toolchains, including: Threat & risk modelling (STRIDE, STPA-Sec, TARA, attack trees) Security requirements & controls modelling SBOM & vulnerability management Cryptography & key management governance Configuration/change control Verification & validation orchestration Security/assurance case evidence Define Product ...

client audit requests as they relate to AI use at the firm. Perform detailed security analysis of application architectures to provide assurance. Understand threat modelling and participate in major incidents responses with IAM and AI components. Review and approve the IAM components of solution designs. Collaborate with cloud ...

Responsibilities Design end-to-end API security architecture across cloud and on-premise environments. Define API security standards covering authentication, authorization, encryption, and threat protection. Lead architectural reviews, threat modelling, and risk assessments for API integrations. Select, architect, and optimize API gateways, WAFs, and security controls. Develop … patterns). Nice to Have Certifications: CISSP, CCSP, GIAC, SABSA. Experience with DevSecOps, container security, and microservices architecture. Knowledge of SIEM, API analytics, and threat intelligence. ...

align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share … adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure ...

application architecture and CI/CD pipelines Support compliance initiatives including GDPR, HIPAA, PCI DSS, and SOC 2 Conduct data-focused risk assessments and threat modelling Monitor and respond to data-related security incidents and alerts Develop and maintain data protection standards, policies, and technical documentation Stay current ...

privileged access Experience with network security, encryption, key management, and secure connectivity Knowledge of application security principles, including secure APIs, data protection, and threat modelling Experience designing for security resilience. Desirable Skills: Hands-on experience with cloud security services and tooling (e.g. AWS Security Hub, Azure Defender, Sentinel ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 8x SOC Threat Detection Analyst subcontractors on an initial 6 month contract. This role can start on an SC Security Clearance basis, however DV Clearance will be required down the line. This role would suit someone … from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background. Hourly Rate: 45ph - 85 per hour. There are 8 positions being recruited across the mid-senior level. Overtime rate of time and a quarter. Contract Duration: 6 Months initially and long-term thereafter. Shift pattern ...

identity management (e.g., Entra ID), and secure application development. Deliver clear cybersecurity advice to technical and non-technical stakeholders on Azure security best practices, threat protection, and compliance. Champion 'Secure by Design' across IT infrastructure, emphasizing Azure Defender, Sentinel, and application security controls. What were looking for Expertise … application security (e.g., OWASP, DevSecOps), and network segmentation. Strong knowledge of Azure-specific security tools (e.g., Azure Security Center, Key Vault, Policy, Private Link), threat modelling, secure SDLC, and assurance processes. Experience delivering "secure by design" in regulated sectors (e.g., finance, healthcare, critical infrastructure), including Azure compliance certifications ...

based at Warminster working in a hybrid style. Key Responsibilities: Developing, contributing and management of the security vision, security architecture specifications, security architecture analysis, threat-modelling, security requirements, security standards and design patterns, reference architectures, security strategies and roadmaps Advising internal and customer leadership on Cybersecurity issues, systems ...