1 to 25 of 135 Threat Modelling Jobs in England

NIST, ISO 27001, CIS). Develop and maintain secure architectural patterns and standards, with a solid working knowledge of cloud security (AWS, Azure, GCP). Apply risk-based and threat-based approaches to evaluate and recommend appropriate and proportionate security technologies and solutions (e.g., SIEM, IAM, CASB, container security). Outline key security components, interfaces, and dependencies. Develop architectural … Document security design principles and provide rationale. Ensure designs align with business objectives, security policies, and industry best practices, with a focus on cloud-native security considerations. Risk and Threat Management: Conduct comprehensive risk assessments and threat modelling, providing detailed analysis and actionable recommendations. Advises clients on risk mitigation strategies and security best practices, and support the More ❯

programmes and new product initiatives Engage in security reviews of third-party vendors, cloud providers, and SaaS platforms to validate compliance with the client’s security standards Assist in threat modelling, risk assessments, and documenting security controls across infrastructure and application layers Participate in incident response efforts and support the identification of root causes and mitigation strategies Requirements … technical stakeholders Exposure to security architecture frameworks (e.g., TOGAF, SABSA) Hands-on experience with CI/CD security, container security, or secure application design Familiarity with vulnerability management and threat modelling techniques Security certifications such as CISSP, CISA, or equivalent (or working towards) Why join us Career coaching, mentoring and access to upskilling throughout your entire FDM career More ❯

part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations … possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion the adoption and adherence to our InfoSec policy, standards, and guidelines. Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats. Incident Response: You … Management (CSPM) tools. Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines. Working knowledge of DevSecOps methodologies. Ability to contribute to cloud solution threat modelling and secure design reviews. A bit about you: Passion! You're genuinely passionate about your career path and love what you do. Communication skills. You can express More ❯

part in developing our vulnerability management program, working closely with our operational support, infrastructure, and development teams. Plus, you'll be right in the thick of security event monitoring, threat intelligence, and incident management - keeping us one step ahead! What you'll be doing: Delivering SOC Capabilities: You'll be a key team member in delivering ongoing Security Operations … possible and play a big part in evolving our security tooling and services. Policy & Standards: You'll champion the adoption and adherence to our InfoSec policy, standards, and guidelines. Threat Intelligence: You'll monitor and apply current and emerging threat intelligence, using tools like Google Threat Intelligence to proactively spot and tackle digital threats. Incident Response: You … CSPM) tools. Knowledge of Cloud Workload Protection Platforms (CWPP) for securing containers, serverless workloads, and virtual machines. Working knowledge of DevSecOps methodologies . Ability to contribute to cloud solution threat modelling and secure design reviews. A bit about you: Passion! You're genuinely passionate about your career path and love what you do. Communication skills. You can express More ❯

the Executive and project leadership to ensure security is represented in commercial proposals, assurance processes, and delivery planning. Maintain strong relationships with relevant external stakeholders (e.g. NCSC, NPSA), monitoring threat intelligence and security guidance. Operational Security & Risk Management Lead the design, implementation, and monitoring of controls across endpoint security, identity and access management, and cloud infrastructure (e.g., AWS). … for cyber-attacks and disruptions. Support secure architecture and infrastructure reviews across projects and services. Risk Management & Security Engineering Conduct and lead structured technical and procedural risk assessments, including threat modelling and security reviews for new projects or systems. Collaborate with IT and engineering teams to identify, address, and continuously improve security control effectiveness. Oversee the management of More ❯

security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share and gain intel from the … an access management perspective. Ensure adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure teams to implement IAM design More ❯

architecture strategy. Act as a trusted security advisor to senior leadership and engineering teams. Guide the design and integration of secure solutions across applications, infrastructure, and data platforms. Perform threat modelling, architecture reviews, and propose mitigation strategies. Ensure alignment with European regulatory standards (e.g., GDPR, PSD2, DORA, NIS2). Embed DevSecOps into SDLC and CI/CD pipelines More ❯

also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities: Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and …/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge of secure development practices, penetration testing, and vulnerability assessments. Ability to communicate security risks and strategies to technical and non-technical stakeholders. Experience in incident More ❯

also contribute to security compliance and best practices, ensuring products meet regulatory and industry standards. Key Responsibilities: Identify security requirements and integrate controls into product development. Conduct risk assessments, threat modeling, and vulnerability analysis. Develop and implement risk management strategies using security frameworks. Collaborate with development teams to ensure security best practices and secure-by-design principles. Identify and …/53, OWASP) . Experience with risk management methodologies and compliance with MOD and HMG security standards (JSP, Def Stan 05-138/139). Proficiency in security threat modeling and risk assessments. Knowledge of secure development practices, penetration testing, and vulnerability assessments. Ability to communicate security risks and strategies to technical and non-technical stakeholders. Experience in incident More ❯

across technology, data sciences, consulting, and customer obsession to accelerate our clients' businesses through designing the products and services their customers truly value. Job Description As a Senior Engineer - Threat Modelling, you will be part of a cross-functional team delivering digital business transformation solutions to our clients. This role focuses on Security Architecture and Threat Modelling … Collaboration with Engineering, Information Security, Program Management, and Development teams is essential. You will conduct technical architecture reviews to identify security opportunities, threats, and mitigation strategies. Your Impact Conduct threat modeling exercises using established methodologies. Identify potential threats and specify mitigation controls. Manage the lifecycle of threats and controls, ensuring updates. Deliver threat models within deadlines. Provide feedback … to improve threat modeling processes. Present findings to leadership and stakeholders. Qualifications Your Skills & Experience We seek candidates with experience in: Proficiency in GCP (essential) Security architecture principles, frameworks, and best practices Threat modeling methodologies like MITRE ATT&CK, STRIDE, PASTA Cybersecurity experience of 5+ years Security practices including authentication, authorization, logging, encryption, infrastructure security, network segmentation Knowledge More ❯

Serve as a trusted advisor to leadership and technical teams on security best practices. - Develop and enforce security standards and reference architectures for hybrid and cloud-native systems. - Lead threat modelling, architecture reviews, and risk assessments across cloud platforms. - Ensure compliance with regulatory frameworks (PSD2, ISO 27001, PCI DSS, NIST CSF, CSA CCM). - Integrate security into CI More ❯

Certified Cloud Security Professional CISM or SSCP – Highly desirable Bonus Skills & Knowledge Awareness of compliance and risk frameworks such as ISO 27001, NIST, and CIS Benchmarks. Ability to support threat modelling, cloud risk assessment, and incident response planning. Exposure to Infrastructure-as-Code (IaC) security using tools like Terraform, ARM templates, or Bicep. Skilled in translating technical risks More ❯

frameworks (NIST, ISO 27001, TOGAF, SABSA). • Deep understanding of AI/ML concepts, algorithms, models, regulations and controls. • Extensive technical experience in AI/ML Security Architecture • Proven threat modelling, risk analysis, and architectural validations • In-depth knowledge of adversarial machine learning mitigation. • Comprehensive understanding of ethical AI and governance. • Proven AI security tool implementation and management. More ❯

lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards More ❯

e.g., XSS, SSRF, CSRF, CORS, SQL Injection, broken authentication/authorization, encryption flaws). Provide expert guidance on secure coding practices, common vulnerability classes (e.g., OWASP Top 10), and threat modeling for modern web applications. Conduct security reviews of design and architecture documents; lead threat modeling exercises using frameworks such as STRIDE, PASTA, MITRE ATT&CK, and DREAD. … Build and refine detection and response capabilities using logs, alerts, and behavioral signals. Lead or support incident response activities, including log analysis, querying, forensic investigation, threat mitigation, and root cause analysis. Conduct internal security reviews, network scans, and targeted penetration tests of applications and infrastructure using common security tooling (e.g., Burp Suite, ZAP, Amass, Nmap). Assess and mitigate … Django, Node.js , React). Expert-level scripting and automation skills (e.g., Python, Bash, PowerShell) for workflow automation, tooling, and log analysis. Proficient in log analysis, SIEM usage/configuration, threat hunting, and querying tools to support detection and response. Familiarity with static and dynamic analysis techniques and vulnerability mitigation. Strong understanding of modern cloud platforms-especially AWS-and cloud More ❯

will be at the forefront of designing, developing, and maintaining secure Azure cloud architectures that meet stringent business and compliance requirements. Your role will involve leading security reviews and threat modeling activities for cloud-based solutions, implementing robust Azure-native security controls such as Microsoft Defender for Cloud, Sentinel, Key Vault, Azure Policy, and RBAC. You will define and More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

a strong working knowledge of Defence Standards DefStan 05-138 Issue 3 and DefStan 05-139 Issue 1 . If you're an experienced professional with strong capabilities in threat modelling , risk assessment , and secure systems architecture , we want to hear from you. Role Responsibilities: Integrate security controls throughout the product development lifecycle Conduct detailed threat modelling … NIST frameworks (including NIST 800-30, NIST 800-53) - non-negotiable Working knowledge of DefStan 05-138 (Issue 3) and DefStan 05-139 (Issue 1) is essential Proficiency in threat modelling methodologies and tools (e.g., STRIDE, DREAD, Attack Trees) Familiarity with other standards such as ISO/IEC 27001, ISO 27005, OWASP, and MOD ISN 23/ More ❯

delivery of critical systems that protect citizens and national interests. Working with the Principal Security Architect, you will own security architecture for a major portfolio, translate business goals and threat intelligence into practical controls, and mentor SEO level architects to raise capability across multiple programmes. You will engage senior stakeholders, balance risk against usability and cost, and shape patterns … user centred delivery. You will analyse emerging threats, advise on proportional mitigations, and produce or tailor reference patterns covering identity, network segmentation, container security, data protection, and monitoring. By modelling risks with frameworks such as ISO 27005, NIST, or STRIDE, you will justify design choices to technical and non technical audiences and document them for re use. What You … Security Architect strategy, translating them into reusable templates and guardrails. Lead architecture reviews for high risk projects, providing actionable recommendations and tracking remediation through to closure. Perform and interpret threat modelling/pen test results, converting findings into road mapped improvements and measurable risk reductions. Advise on security controls for hybrid and cloud platforms (AWS, Azure, Kubernetes, serverless More ❯

of experience in security architecture to shape and secure cloud environments at scale. Key Responsibilities Architect secure, scalable cloud solutions on AWS aligned with business and compliance needs. Conduct threat modelling, risk assessments, and security reviews across cloud-native platforms. Collaborate with DevOps, engineering, and compliance teams to embed security best practices. Define and maintain security policies, standards More ❯

of experience in security architecture to shape and secure cloud environments at scale. Key Responsibilities Architect secure, scalable cloud solutions on AWS aligned with business and compliance needs. Conduct threat modelling, risk assessments, and security reviews across cloud-native platforms. Collaborate with DevOps, engineering, and compliance teams to embed security best practices. Define and maintain security policies, standards More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

data pipelines. * Participate in enterprise-wide architecture initiatives for AI/ML. Understand the workflow and pipeline architectures of ML and deep learning workloads. * Conduct security risk assessments and threat modelling for AI/ML and other business projects performed thorough design reviews and security assessments of architectures and designs, identifying vulnerabilities, threats, and risks, and providing recommendations … common security vulnerabilities and threats specific to AI/ML, including adversarial attacks, prompt injection, data poisoning and the MITRE ATLAS framework. * Hands on experience using security assessment and threat modelling tools and techniques to evaluate AI/ML systems and identify potential security weaknesses. * Familiarity with current and emerging regulations and standards, such as the EU AI More ❯

and services. Familiarity with security standards and frameworks (e.g., ISO 27001, NIST, CIS). Knowledge of security technologies such as firewalls and web proxies; experience with ZTNA, CTI, and threat modelling is beneficial. Excellent communication and interpersonal skills. Ability to work effectively in a team-oriented environment. Strong problem-solving and analytical skills. Capacity to manage multiple projects More ❯

applications. Deploy and Manage Security Tooling: Select, implement, and operate key tools across GCP , such as Cloud Armor , Cloud Identity , Security Command Center , and VPC Service Controls for ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development lifecycle. Threat Modeling and Risk … Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on cloud and application security fundamentals. Mentor and Lead: Act as a mentor to future hires, helping scale a high-impact cloud security function as the business grows. What you'll bring … with core cloud security components including IAM , WAFs , SIEM , CSPM , and vulnerability scanners. Technical Skills: Proficiency in at least one scripting or programming language (e.g. Python, Go, Bash). Threat Modeling: Practical knowledge of frameworks like STRIDE and PASTA. Education: Bachelor's degree in Computer Science, Information Security, or a related technical field. Collaborative Expertise: Clear and effective communication More ❯