1 to 25 of 39 Remote Threat Modelling Jobs in London

us embed secure-by-design thinking across the BBC. You'll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You'll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy. It's a high-trust role with real impact … InfoSec on shared tooling, templates and enablement. Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines. Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows. Review technical designs, proposals and code for alignment with security policies, architecture patterns and assurance requirements. Act … credibly - whether explaining risk trade-offs to a squad or feeding technical insight into an assurance board. It's a bonus if you've also: Facilitated or contributed to threat modelling sessions using frameworks like STRIDE or DFDs. Reviewed designs and code with a security lens and an eye for policy alignment. Navigated delivery in regulated, public service More ❯

Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support our Security Champions Assist in the execution of Threat Hunts, pentests and Threat Modelling … AWS Certified Security Familiarity with TCP/IP, DNS, firewalls, VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerability management practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with audit principles and different information security compliance standards More ❯

of applications. Collaborate with empowered teams to ensure secure design, development, implementation, and verification of applications. Provide remediation guidance and recommendations to developers and administrators. Participate in and advance threat modelling practices across the division. Help stakeholders make risk-based decisions. Train developers and create educational presentations. Develop tools and automation supporting responsibilities. What You Bring to The … identify threats. Excellent ability to communicate, verbally and in writing, complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management. Strong experience in threat modelling software systems. Certification in CISSP or CCSP, it's a plus. Strong problem-solving capabilities using various technologies. Capability to research a new topic and to learn More ❯

drive awareness of security from the earliest stages of design through to deployment. You'll help integrate automated security tooling and checks into our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You'll also ensure that tools such as SAST, DAST, and SCA are effective and … in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud environments (especially AWS), containers, and microservices Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture Strong communicator who collaborates well with engineers and promotes secure-by-default practices We might not be right for you if: You More ❯

organisation is seeking a VP-level DFIR Manager to lead its Digital Forensics and Incident Response (DFIR) team. This is a hands-on leadership role focused on incident response, threat detection, and forensics within a complex, regulated environment. You'll be responsible for advancing the organisation's incident response capabilities, leading investigations, and driving threat detection maturity through … development of use cases, threat intelligence, and vulnerability management. Key Responsibilities Lead the DFIR function, overseeing incident detection, investigation, and response activities. Develop and implement IR methodologies (MITRE ATT&CK, Kill Chain, Threat Modelling, Diamond Model). Conduct forensic investigations on systems, networks, and endpoints. Refine threat hunting and threat intelligence capabilities. Support and mature … security monitoring use cases (SIEM, packet inspection, IOCs). Coordinate cross-functional security incident response with SOC, Threat Intelligence, and Red/Blue teams. Engage with technical and business teams on cyber risk reduction strategies. Contribute to vulnerability management and remediation plans. Required Skills & Experience Proven experience managing DFIR or cyber incident response teams. Deep technical knowledge of IR More ❯

development lifecycle and CI/CD processes and working with the IT Infrastructure team on the security elements of migrating on-premise Windows estate to Azure. You'll lead threat modelling and threat hunting activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling More ❯

development lifecycle and CI/CD processes and working with the IT Infrastructure team on the security elements of migrating on-premise Windows estate to Azure. You'll lead threat modelling and threat hunting activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling More ❯

development lifecycle and CI/CD processes and working with the IT Infrastructure team on the security elements of migrating on-premise Windows estate to Azure. You'll lead threat modelling and threat hunting activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling More ❯

privileged-access workflows. Monitoring, Detection & Response - Define audit logging, metrics, and telemetry requirements; integrate with SIEM/SOAR to deliver actionable alerts and playbooks for engineering-led incident response. Threat Modeling & Risk Assessment - Conduct regular architecture and code-level reviews, drive remediation plans, and present risk posture to leadership. Tooling & Automation - Evaluate, select, and integrate security tooling (SAST, DAST … Compliance & Audits - Partner with InfoSec and Legal to prepare evidence, manage technical controls, and remediate audit findings. InfoSec Partnership - Collaborate proactively with the Information Security team on policy development, threat intelligence sharing, incident response, and compliance initiatives, ensuring organisation-wide alignment. Engineering Partnership & Enablement - Work hand-in-hand with engineering squads to raise security awareness, improve secure coding practices … Experience working within high-sensitivity data environments Strong awareness of compliance standards and the requirements on software teams, especially for ISO27001 and SOC2. FedRAMP experience advantageous. Demonstrated experience performing threat modelling, penetration test scoping, and vulnerability management. Deep understanding of IAM concepts, encryption/key-management, and secure network design. Excellent communication skills with ability to translate technical More ❯

Management: Develop and maintain a comprehensive security posture management program to proactively identify and address vulnerabilities. Continuously assess the organization's security posture through vulnerability assessments, penetration testing, and threat modelling. Collaborate with cross-functional teams to implement security best practices and ensure compliance with industry standards and regulations. Cyber Exposure Risk Management: Identify, analyse, and prioritize cyber exposure … configuration management, and secure coding practices. Monitor and respond to emerging threats, ensuring the organization remains resilient against evolving attack vectors. Collaborate with external partners and stakeholders to share threat intelligence and improve the organization's defences. Policy and Compliance: Establish and enforce security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry frameworks (e.g., ISO … for improvement. What You'll Bring: Experience: A depth of experience in cybersecurity, with at least 3 years in a leadership or management role. Proven experience in vulnerability management, threat modelling, and incident response. Strong understanding of security frameworks, compliance standards, and best practices. Education:Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. More ❯

security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share and gain intel from the … an access management perspective. Ensure adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure teams to implement IAM design More ❯

an ad-hoc basis until the move has been completed Maintain Nessus vulnerability management, update systems, run scans and provide reports Cover email security using Mimecast Enterprise Real world threat modelling and incident response (mainly L3/L4 when required) Make suggestions and influence various areas of the business/group from a security perspective Automate tasks and … ideal) Microsoft Defender for EDR/XDR/MDR Nessus for vulnerability management Mimecast for email security SCCM/Intune for patch management L3/L4 Incident Response experience Threat Intelligence/modelling experience Automating tasks using PowerShell, Python etc What’s in it for you? In return you’ll be joining a well established organisation at an More ❯

effectiveness. Deliver security architecture for cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What You'll Bring Prior and proven experience More ❯

effectiveness. Deliver security architecture for cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What You'll Bring Prior and proven experience More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

Significant experience in Financial Services or Insurance, including PCI-compliant environments. Expert knowledge of network and cloud security using Azure, Hands-on experience with application security, data protection, and threat modelling. Confident communicator, able to influence across technical and business functions. Track record in risk assessment, vulnerability management and secure architecture delivery. Knowledge of DevSecOps, SIEM, IAM, DLP, and More ❯

advancing purple team maturity, the ideal candidate will bring deep technical acumen, a transformation mindset, and a proven ability to lead and inspire high-performing teams in a dynamic, threat-informed environment. RESPONSIBILITIES Technical Leadership & Execution - Personally lead and execute advanced penetration tests, red/purple team exercises, and adversary emulation campaigns across cloud, application, and infrastructure layers. - Identify … vulnerabilities to simulate real-world attack scenarios, validate detection and response capabilities, and uncover control gaps. - Develop and maintain a Purple Team playbook tailored to business-specific technologies and threat models. - Integrate offensive findings into SOC tuning, detection engineering, and control validation workflows. Program Ownership - Own and evolve the offensive security roadmap, including internal testing services, external bug bounty … engineers and red teamers. - Lead the transformation from traditional pentesting to intelligence-driven, continuous offensive security. - Foster a culture of innovation, experimentation, and continuous learning. Collaboration & Influence - Partner with Threat Intelligence, SOC, and Engineering teams to contextualize findings and drive remediation. - Communicate technical findings clearly to both technical and executive audiences. - Influence security architecture and product design through early More ❯

and services. Familiarity with security standards and frameworks (e.g., ISO 27001, NIST, CIS). Knowledge of security technologies such as firewalls and web proxies; experience with ZTNA, CTI, and threat modelling is beneficial. Excellent communication and interpersonal skills. Ability to work effectively in a team-oriented environment. Strong problem-solving and analytical skills. Capacity to manage multiple projects More ❯

and data teams. Collaborating with Cloud and Application Security Engineers to embed security throughout system lifecycles. Partnering with technical and data architects to ensure architectural alignment and integration. Leading threat modelling activities and ensuring outputs are reflected in system designs. Ensuring our security architecture, and the controls that implement it, align to the threats we face and our … Kubernetes Service) and data platforms (e.g. Databricks, Snowflake, Dagster). Proven understanding of security risk management. Excellent understanding of common security controls, in particular cloud security controls. Understanding of threat modelling. Knowledge of ISO 27001 and other commonly used security standards. Understanding of modern cloud technologies. Exposure to Agile working. Ability to translate between technical and non-technical teams. More ❯

best practices, and support enterprise-wide Azure security initiatives. Key Responsibilities Design and implement secure architectures within Microsoft Azure, ensuring alignment with business and compliance requirements. Conduct Azure-specific threat modelling, risk assessments, and security reviews across infrastructure and applications. Collaborate with cloud engineering, DevOps, and compliance teams to embed security into the Azure development lifecycle. Define and More ❯

with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage confidently with both engineers and More ❯

SLAs and KPIs Drive secure architecture standards and embed security controls into DevOps pipelines Oversee implementation and optimisation of security tooling (SAST, DAST, SCA, container security) Champion secure coding, threat modelling, and DevSecOps maturity improvements Manage budgets, profitability, and resource utilisation for your function Mentor and develop high-performing engineering and testing teams Key Responsibilities Support sales with More ❯

SLAs and KPIs Drive secure architecture standards and embed security controls into DevOps pipelines Oversee implementation and optimisation of security tooling (SAST, DAST, SCA, container security) Champion secure coding, threat modelling, and DevSecOps maturity improvements Manage budgets, profitability, and resource utilisation for your function Mentor and develop high-performing engineering and testing teams Key Responsibilities Support sales with More ❯

NIST. Implement third-party security tools and assist in incident response, working with the CSOC team on Cloud threats and events. Build and enforce Cloud-native security tools, conduct threat modelling, and architectural reviews to improve security practices. Support risk, compliance, and governance initiatives, promote Cloud security, and identify platform improvements. Map attack paths and lead the implementation More ❯

cybersecurity and data privacy controls across all AI workflows, including encryption, anonymisation, and access logging. Collaborate with CISO: Work closely with the Chief Information Security Officer (CISO) function on threat modelling, security reviews, and AI-specific control design. Enterprise Integration: Integrate with enterprise Identity and Access Management (IAM) systems, enforcing Role-Based Access Control (RBAC) and least privilege More ❯