1 to 25 of 39 Threat Modelling Jobs in London

play a critical role in designing, assuring, and delivering secure solutions across our client engagements. You will champion Secure by Design principles and lead threat modelling activities to ensure risks are identified and mitigated early in the lifecycle. Working closely with stakeholders, you will define security architectures, ensure … Design - Embed security into every stage of the solution lifecycle, ensuring systems are designed with security controls from the outset rather than retrofitted. Threat Modelling - Lead and facilitate threat modelling exercises (e.g. STRIDE), identifying vulnerabilities and defining mitigations early in delivery Risk Assessment - Identify, assess ...

engineering teams to embed automated security testing and guardrails into development workflows. Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum-security requirements for applications and APIs. Partner with engineering, platform, and product teams to embed secure-by-design principles into … development team, providing hands-on technical leadership across design, development, and operation. Perform deep-dive security activities for the team, including threat modelling, code-level reviews, and vulnerability triage/remediation support. Oversee and coordinate third-party application security reviews, ensuring consistent assessment standards and effective risk management ...

capabilities (eg SAST, DAST, SCA, container and cloud security tooling) Define and implement secure engineering standards, including secure coding, infrastructure-as-code security, and threat modelling practices Partner with Vulnerability Management and broader security teams to ensure effective identification, prioritisation, and remediation of risks in line with agreed … DevSecOps environments Experience embedding security into CI/CD pipelines (eg using AWS, Azure, or GitHub-based workflows) Strong knowledge of secure development practices, threat modelling, and vulnerability management Solid understanding of modern software engineering practices and cloud-native architectures Why Join? Be part of a long-term ...

deployment/integration of security capabilities into engineering teams within the product domain. • You will drive security initiatives such as developing security requirements, threat modelling, strengthening application security, vulnerability reduction, etc., with the engineering teams. • Reducing friction is paramount and we are all about fast feedback within existing … console for a developer to check. • Support teams in a collaborative manner in matters of mobile application, web application, cloud and data security, with threat modelling, risk treatment and security advice across all security domains. If you can raise a PR to fix a security issue, do so. ...

into complex IT and digital initiatives Advise clients on cyber risk, governance and regulatory compliance frameworks including: ISO 27001 NIST GDPR PCI-DSS Conduct threat modelling and identify security vulnerabilities within solution designs Recommend pragmatic risk mitigation strategies to technical and non-technical stakeholders Support the implementation … IDAM Privileged Access Management (PAM) Single Sign-On (SSO) Network Security Encryption technologies Understanding of infrastructure, architecture methodologies and secure design principles Experience with threat modelling and reference architecture development Excellent stakeholder engagement and communication skills Ability to learn quickly and adapt within fast-paced environments Desirable Experience ...

delivery without owning build or operations. Key Responsibilities Attend regular project and design meetings to understand requirements and delivery milestones. Perform initial and iterative threat modelling for new features, integrations, and architectural changes. Advise on secure architecture design, including IAM, network segmentation, encryption, and data protection. Recommend … being consistently applied. Essential Experience Proven experience as a Security Architect or senior cyber security consultant in digital delivery environments. Strong Secure by Design, threat modelling, and risk-based security expertise. Experience advising product teams in agile, cloud-based delivery contexts. Confident engaging with architects, developers, and delivery ...

embed security into lifecycle governance Define and implement a modern DevSecOps tooling strategy (CI/CD, SAST/DAST, SCM, automation) Drive secure coding, threat modelling, and supply chain security practices (SBOM, provenance, signing) Develop KPIs, metrics, and maturity models to track and continuously improve SDLC performance Build … NIST SSDF, OWASP SAMM/ASVS, ISO 27034) Strong understanding of modern engineering practices (Agile, CI/CD, cloud, automation) Expertise in application security, threat modelling, and secure coding standards Experience implementing tooling ecosystems (e.g. SAST, DAST, SCA, pipeline automation) A track record of influencing senior stakeholders ...

guardrails into CI/CD pipelines in partnership with engineering and platform teams. Defining and maintaining secure development standards, secure coding guidelines, and threat-modelling practices. Providing practical, risk-based security guidance to engineering, product, and architecture teams. Working with our Vulnerability Lead to drive identification, triage … into CI/CD pipelines (eg, GitHub, AWS DevOps). Strong understanding of Agile, DevOps, and cloud-native architectures. Practical experience with secure coding, threat modelling, and vulnerability management. Strong problem-solving skills and the ability to prioritise risk in line with business needs. ...

equivalent experience Experience applying cyber security principles across the systems or product engineering lifecycle Knowledge of cyber risk management and vulnerability management Experience with threat modelling frameworks such as MITRE ATT and CK, DEF3ND, or EMB3D Awareness of industrial control systems or operational technology environments Working knowledge … subject to required skills, your application to our client in conjunction with this vacancy only. Key Skills Product Cyber Security Specialist, Cyber Risk Management, Threat Modelling, NIST CSF, Industrial Control Systems, Secure by Design, Defence ...

software, infrastructure, and platform engineering teams to improve security across systems and workflows Contribute across a broad range of security initiatives, including detection, hardening, threat analysis, infrastructure protection, and secure engineering practices Investigate vulnerabilities, suspicious activity, and emerging threats, helping drive remediation and operational improvements Build scalable solutions that … improve visibility, detection quality, and security operations efficiency Support security architecture and threat modelling discussions, helping teams make pragmatic, risk-aware decisions Evaluate new attack techniques, tooling, and security research, translating relevant findings into actionable engineering improvements Help strengthen security awareness and engineering best practices across the wider ...

OEMs, ground handling, avionics suppliers Safety‐critical OT networks and mission‐critical control systems Technical Delivery Perform and/or lead: OT penetration testing Threat modelling and risk assessments Security architecture review for aviation technologies Compliance assessments and gap analyses (Part‐IS, 62443, NIS2 where applicable) Oversee technical … networks, architectures, and protocols Security risk assessment in safety‐critical environments Hands‐on cyber security experience, such as: Penetration testing (OT preferred) Threat modelling Incident response Architecture review Comfortable providing client‐facing advisory services. Experience working in or with regulated environments. Ability to simplify complex cyber concepts ...

business acquisition-focused role responsible for building pipeline, generating revenue, and winning new customers for cybersecurity services including VAPT, Red Teaming, Product Security, Threat Modelling, and Vulnerability Management. The ideal candidate will have experience selling cybersecurity services or technology solutions and be comfortable engaging with enterprise … tenders, and customer due diligence requests Promote and sell services including: VAPT (Web, Mobile, API, Cloud, Infrastructure) Red Teaming/Adversary Simulation Vulnerability Management Threat Modelling Product Security/Secure SDLC Advisory Develop repeat business and cross-sell opportunities within customer accounts Maintain accurate CRM updates, pipeline forecasts ...

Threat & Adversarial AI Expert 6 Months Contract + Extension London Based 2 days in the office £500 to £600 a day Inside IR35 A pioneering financial institution is seeking an experienced Threat & Adversarial AI Expert to join their cybersecurity team. You will act as the primary architect … safety for the firm's generative AI ecosystem, ensuring agentic capabilities remain resilient against an evolving global threat landscape. As a Threat AI Expert, you will lead the organisation's Generative AI security strategy. Key responsibilities include: Advanced Threat Modelling: Leading structured sessions using STRIDE ...

Threat & Adversarial AI Expert 6 Months Contract + Extension London Based 2 days in the office £500 to £600 a day Inside IR35 A pioneering financial institution is seeking an experienced Threat & Adversarial AI Expert to join their cybersecurity team. You will act as the primary architect … safety for the firm's generative AI ecosystem, ensuring agentic capabilities remain resilient against an evolving global threat landscape. As a Threat AI Expert, you will lead the organisation's Generative AI security strategy. Key responsibilities include: Advanced Threat Modelling: Leading structured sessions using STRIDE ...

Midlands. Practitioner CERT capabilities and several team management experience is required – meaning you will be technically capable and experienced within Incident Response & Detection, Threat Intelligence & Hunting, Vulnerability Management, Attack Surface Reduction, Cyber Analysis, etc. You will also have large team leadership and motivation experience in some … monitoring and detecting cyber security threats and incidents in real-time. Collaborate with teams to conduct incident investigations and develop response plans. Lead proactive threat hunting initiatives. Manage vulnerability assessments and penetration testing programs. Develop and maintain threat intelligence capabilities. Essential experience includes: Extensive experience in managing cyber ...

architecture patterns, reference models, and solution blueprints. Lead security design for Base Metals OEMS platforms, ensuring alignment with performance, resilience, and regulatory requirements. Perform threat modelling, security risk assessments, and architecture reviews. Integrate security into DevOps pipelines, promoting DevSecOps best practices. Collaborate with engineering, infrastructure, and business teams ...

Familiarity with AI-assisted security tools, machine learning concepts for detection, or data-driven security analytics. Understanding of how AI can be applied to threat detection, anomaly detection, investigation support, and security operations automation. Awareness of emerging AI-driven attack techniques, including adversarial AI and automated exploitation methods. Familiarity … engineering and security teams to integrate AI-enabled security capabilities into operational processes. Support incident investigations using advanced analytics, AI-assisted tooling, and structured threat analysis techniques. Conduct threat modelling and security architecture reviews with a focus on emerging AI-enabled risks and system complexity. Identify vulnerabilities ...

person clients call when they need to understand how to modernise their security architecture, navigate a compliance challenge, or respond to an evolving threat landscape. You will own relationships with a portfolio of blue-chip enterprise clients , guiding them on their journey toward Zero Trust, SASE, and SSE adoption … clarity. Serve as a trusted thought partner as clients navigate regulatory compliance requirements, security frameworks (e.g. NIST, ISO 27001, NIS2, DORA), and evolving threat environments. Identify and shape new opportunities within existing accounts, recognising client challenges and translating them into well-formed propositions. Technical Leadership Provide authoritative guidance ...

remediation tracking, and clear reporting aligned to regulatory expectations. Security Architecture & Change Enablement • Act as a security architect for projects and change initiatives. • Perform threat modelling where appropriate and define proportionate, practical controls across endpoints, cloud, identity, and data. Collaboration & Continuous Improvement • Partner with IT and Engineering teams ...

business, regulatory and operational requirements Apply TOGAF, SABSA and ArchiMate across architecture artefacts and governance Design secure AWS, hybrid and cloud-native architectures Conduct threat modelling, risk assessments and security design reviews Define security patterns, standards and reference architectures Support assurance, governance, audit and secure-by-design delivery ...

deployment and tuning (Defender for Endpoint, CrowdStrike), Intune/Jamf device management, privileged access workstations, JIT/JEA models - API and application security: threat modelling (STRIDE/PASTA), OAuth 2.0/OIDC implementation review, secrets management (Key Vault, HashiCorp Vault), and secure SDLC integration - PKI, certificate lifecycle automation … automation and IaC: Python, PowerShell, Terraform, Bicep, or Sentinel analytics rules - you codify controls, you do not document them - MITRE ATT&CK coverage mapping; threat hunting, adversary emulation, and proactive gap analysis against realistic TTPs - Cloud infrastructure - Azure preferred, AWS considered; IAM, managed services, automated and auditable deployment pipelines ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false positives through tuning … understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents). Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis. Experience building and tuning correlation rules, searches, and dashboards. Familiarity with SOAR platforms and automation workflows. Security Knowledge ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false positives through tuning … understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents). Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis. Experience building and tuning correlation rules, searches, and dashboards. Familiarity with SOAR platforms and automation workflows. Security Knowledge ...

that will fundamentally change how their Application Security is Delivered within the SDLC. Early Phases of the Programme have already defined the Target Architecture, Threat Model & Prompt Engineering Strategy . The Next Stage is to Transform this Foundation into a Production - Grade Capability Used Daily by Engineering Teams , enabling … Agent Behaviours Policy Frameworks & Guardrails Tool Schemas & Execution Constraints Implement Protections Against: Prompt Injection Jailbreak Attempts Unsafe Tool Execution Ensure Alignment with Defined AASA Threat Model & Governance Standards Evaluation, Metrics & Assurance: Build & Maintain a Full Evaluation Framework , including: Golden Datasets & Regression Test Suites Precision/Recall Measurement for Vulnerability ...

driving the technical remediation follow-up. Cloud Security Guardrails : Provide hands-on security guidance for cloud platforms, specifically across Salesforce, Azure, and AWS. Threat Modelling : Act as the technical security authority within project streams, identifying threats early in the design phase. Required Technical Skills & Experience: Deep AppSec Background ...