1 to 25 of 29 Threat Modelling Jobs in London

primary security partner for product and engineering teams - ensuring applications are designed, built and maintained with robust security at their core. You will lead threat modelling, manage vulnerability backlogs, support incident response, and help uplift security maturity across development squads. Key Responsibilities Define and implement product security policies … tooling and standards across the SDLC Lead threat modelling for new and existing applications Own the product vulnerability backlog, prioritising and tracking remediation Liaise on bug bounty findings and ensure timely fixes Conduct root cause analysis for security incidents and systemic issues Act as Incident Commander or Investigation ...

privileged access Design secure network architectures covering encryption, key management, and secure connectivity Embed application security principles , including secure APIs, data protection, and threat modelling Ensure systems are designed for security resilience , availability, and risk mitigation Collaborate with engineering, platform, and delivery teams to embed security across … Deep knowledge of IAM , authentication, authorisation, and privileged access management Strong background in network security , encryption, and key management Experience with application security , including threat modelling and secure data flows Ability to design systems with security resilience built in Active SC Clearance Nice-to-Have Skills Hands ...

teams, and strengthening enterprise security posture-particularly across Microsoft 365, Azure, data platforms, and AI-enabled solutions. You will play a key role in threat modelling, risk assessments, guardrail design & implementation, and delivering practical security guidance for engineering, data, and application/product teams. Rationale/deliverables: Contribute … enhanced productivity systems Support the roll-out of the new AI information security control framework Support the Data governance team Key Responsibilities Perform threat modelling (STRIDE), guardrail definition, and security posture assessments across applications, data platforms, APIs, cloud services, and SaaS ecosystems. Identify security control gaps , especially around ...

. Youll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. We dont expect you to know everything … just to be curious, practical, and willing to dive in. What Youll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/ ...

dissect designs, model attack paths, and show engineering teams what “good” really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. They don’t expect you to know everything — just … curious, practical, and willing to dive in. What You’ll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/CD gates ...

delivery without owning build or operations. Key Responsibilities Attend regular project and design meetings to understand requirements and delivery milestones. Perform initial and iterative threat modelling for new features, integrations, and architectural changes. Advise on secure architecture design, including IAM, network segmentation, encryption, and data protection. Recommend … being consistently applied. Essential Experience Proven experience as a Security Architect or senior cyber security consultant in digital delivery environments. Strong Secure by Design, threat modelling, and risk-based security expertise. Experience advising product teams in agile, cloud-based delivery contexts. Confident engaging with architects, developers, and delivery ...

testing frameworks The AI Security Engineer is responsible for securing AI platforms and systems against adversarial threats. The role focuses on technical security controls, threat modelling, red teaming, and continuous monitoring of AI systems. Focus of the role Design and implement security controls for AI and LLM systems … Perform AI-specific threat modelling and risk analysis Lead red team and blue team testing of AI platforms Conduct prompt injection and adversarial testing Knowledge & Experience Strong background in security engineering and cloud security Hands-on experience with AI red teaming and adversarial testing Familiarity with AI security ...

IaaS, PaaS, SaaS, CASB, Zero Trust and micro-segmentation. Demonstrate a strong understanding of IAM including RBAC, ABAC, PAM, provisioning, compliance and SSO. Apply threat-modelling approaches including OWASP, PASTA, STRIDE, MITRE ATT&CK, threat intelligence and threat hunting. Desirable Experience Design and assure secure network … architectures and enterprise security solutions. Designing or assuring SOC operations, including monitoring and response. Overseeing penetration testing, vulnerability assessments and remediation lifecycle. Integrating threat intelligence into operations and strategic planning. Essential QualificationsCertified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)Security ClearanceSecurity Check (SC) Clearance is required. ...

client audit requests as they relate to AI use at the firm. Perform detailed security analysis of application architectures to provide assurance. Understand threat modelling and participate in major incidents responses with IAM and AI components. Review and approve the IAM components of solution designs. Collaborate with cloud ...

align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share … adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure ...

privileged access Experience with network security, encryption, key management, and secure connectivity Knowledge of application security principles, including secure APIs, data protection, and threat modelling Experience designing for security resilience. Desirable Skills: Hands-on experience with cloud security services and tooling (e.g. AWS Security Hub, Azure Defender, Sentinel ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

future capabilities Assess solution documentation covering interfaces, data, infrastructure, and dependencies Evaluate technologies and systems for feasibility, relevance, and risk Conduct business impact analysis, threat modelling, and security testing; support remediation actions Ensure compliance with Cyber Essentials, PCI-DSS, GDPR, and other relevant security standards Assure alignment with ...

commit to working in Central London 1 day a week. Job Requirements: Work with project teams to understand product requirements and delivery milestones. Conduct threat modelling to identify security risks across applications, integrations, and cloud-based architectures . Advise on secure-by-design solutions , including access controls, encryption ...

outcomes. About You We're looking for someone with a blend of technical expertise and delivery mindset: Hands-on application security experience: secure coding, threat modelling, SAST/DAST tooling. Strong knowledge of SDLC and CI/CD integration, with experience securing software throughout its lifecycle. Pragmatic, delivery ...

engineering foundation, with practical knowledge of modern application architectures (e.g., microservices, APIs, distributed systems). Proven ability to design and document architectures using visual modelling techniques such as C4, UML, and data flow diagrams. Hands-on experience with at least one major cloud provider, ideally AWS, including Infrastructure … Code, platform services, networking, and security controls. Deep understanding of secure and resilient system design, including authentication patterns, threat modelling, performance considerations, and observability. Familiarity with Ruby, Python, or Java, and modern development practices such as CI/CD, TDD, and containerization. Experience guiding technology decisions, evaluating options ...

services + maintaining a strong security culture. Investigating security incidents and breaches, performing vulnerability scans for releases, vulnerability risk assessments + remediation planning. Conducting threat modelling to identify risks and inform secure design decisions. Providing assurance over patching operations, release notes + change management activities. Assessing external threat ...

services + maintaining a strong security culture. Investigating security incidents and breaches, performing vulnerability scans for releases, vulnerability risk assessments + remediation planning. Conducting threat modelling to identify risks and inform secure design decisions. Providing assurance over patching operations, release notes + change management activities. Assessing external threat ...

clearly communicate complex technical concepts to non-technical stakeholders Desirable: Architecture/diagrams as code (C4, Structurizr, Mermaid, PlantUML) Secure-by-design and threat modelling experience Zero Trust/ZTNA exposure Comfort working alongside Enterprise Architects and formal notations What’s on Offer: Senior, influential role with real ...

security processes, influence the architecture, and partner with Cloud and Data teams. They need someone with 5+ years experience, who has diverse experience across threat modelling, product security and system architecture. Stack: Python, AWS, Linux, SAST This company has a modern culture with evangelizes collaboration and research ...

experience with agents : LangChain, AutoGPT, CrewAI, or custom agent frameworks • Regulated industry background : Financial services, healthcare, or other domains with compliance requirements • Security/threat modelling expertise : Understanding of adversarial AI, prompt injection, or system security • Real-time systems experience : Trading systems, fraud detection, or other low-latency ...

microservices (e.g., Kubernetes, Docker) Build and integrate security solutions for DevSecOps pipelines and collaborate with cross-functional teams to deploy them globally Perform threat modeling for cloud-based workloads and develop corresponding countermeasures Review and assess new third-party cloud and on-premises solutions to identify potential security risks … GitHub Hands-on experience with Infrastructure as Code (IaC) and Policy as Code (PaC) technologies, including Terraform and CloudFormation Demonstrated skills in cloud threat modeling and architectural assessment using tools like IriusRisk Strong knowledge of compliance benchmarks (e.g., CIS, GDPR, PCI-DSS, ISO standards) and industry cloud security standards ...

Secure by Design discovery and assessment activities across digital services Identify security risks, constraints, and dependencies, and translate these into clear, prioritised recommendations. Facilitate threat modelling and risk workshops with multidisciplinary teams. Define pragmatic security control expectations aligned to service risk and context. Produce concise written outputs that ...

modules), and network segmentation for hybrid environments. DevSecOps: Integrating SAST/DAST tools into CI/CD pipelines and automating compliance checks. Security Documentation Threat Modeling: Using frameworks to identify risks in legacy-to-modern transitions. Security Control Sets: Defining controls for data encryption, access management, and audit logging … functional teams (developers, ops, risk owners) to align security with business objectives. Risk Appetite Management: Balancing security requirements with project timelines and budgetary constraints. Threat assessments and risk registers. Security Controls Statement of Applicability . Pre- and post-ITHC compliance reports. UK Government Experience: - Preferred to have 3 years ...

deep expertise in cybersecurity and practical experience in securing AI/ML systems. In this role, you will help clients navigate the rapidly evolving threat landscape of artificial intelligence. You will work across strategy, architecture, and hands-on technical analysis to design resilient systems for high-impact environments. … Responsibilities AI/ML Security Oversight: Evaluate and secure the entire AI lifecycle, including model governance, data pipelines, and deployment patterns. Threat Modeling: Conduct advanced security assessments and risk analysis across cloud, on-premise, and hybrid environments. Risk Mitigation: Advise clients on emerging AI risks such as prompt injection ...