1 to 25 of 95 Threat Modelling Jobs in London

Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts. You will work closely with engineering, and platform teams to integrate security into CI/CD pipelines … pipelines and development workflows. Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle Conduct secure code reviews and support developers in remediating findings. Threat Modelling & Architecture Review Lead threat modelling sessions using standard methodologies to identify design flaws Review application architectures to ensure alignment with security objectives and mitigation of … common threats. Maintain and update reference architectures based on threat modelling insights. Tooling & Automation Deploy and manage application security tools and integrate them with existing platforms. Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms. Governance & Compliance Ensure alignment with ISO 27001, FCA, and NIST standards. Contribute to audit readiness and support compliance automation platforms such More ❯

us embed secure-by-design thinking across the BBC. You'll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You'll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy. It's a high-trust role with real impact … InfoSec on shared tooling, templates and enablement. Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines. Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows. Review technical designs, proposals and code for alignment with security policies, architecture patterns and assurance requirements. Act … credibly - whether explaining risk trade-offs to a squad or feeding technical insight into an assurance board. It's a bonus if you've also: Facilitated or contributed to threat modelling sessions using frameworks like STRIDE or DFDs. Reviewed designs and code with a security lens and an eye for policy alignment. Navigated delivery in regulated, public service More ❯

strategy across infrastructure, applications, and data. Lead hands-on development of security roadmaps, maturity models, and control frameworks tailored to Fuse's risk profile. Directly contribute to architecture reviews, threat modelling sessions, and key design decisions across product and platform teams. Build and mentor a high-performing security team, including hiring, coaching, and managing performance. Develop KPIs and … data protection, access control, and insider risk. Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews of critical systems; design and deliver security awareness training programs for all employees to promote a culture of … proactive risk management. Build threat intelligence capabilities to stay ahead of emerging risks. Balance risk management with product and engineering velocity. Incident Response & Resilience Own response plans for high-severity threats and incidents. Build robust detection, containment, and remediation processes. Drive business continuity and disaster recovery strategy. Technology & Infrastructure Security Partner with engineering to embed security in the SDLC More ❯

architectural guidance for cryptographic key management, signing workflows, and secure APIs. Evaluate and enhance security of components related to digital asset management, identity systems, or transaction flows. Risk Management & Threat Modelling Conduct comprehensive threat modelling and risk assessments, especially around distributed or high-value transaction systems. Define controls for securing sensitive operations such as wallet integrations … off-chain/on-chain data flows, and internal tooling. Develop and manage internal threat intelligence processes to proactively identify and mitigate emerging risks. Security Operations & Incident Response Lead response to advanced threats and incidents, including analysis, containment, and remediation. Build and optimise detection mechanisms and playbooks for novel attack vectors, including abuse prevention and fraud detection. Governance, Compliance More ❯

part of our culture and success. How will you contribute? Secure SDLC Support : Assist in integrating security practices into the software development lifecycle, including design reviews and backlog grooming. Threat Modelling : Participate in structured threat modelling exercises with guidance from senior team members. Vulnerability Triage : Work with engineering teams to review findings from SAST, SCA, DAST … Experience working in SaaS, multi-tenant cloud environments. Knowledge of machine learning security (AI/ML model risks, LLM security best practices). Familiarity with attack surface management and threat intelligence. Relevant certifications (e.g., Security+, SSCP, GSEC) are a plus but not required. What do we offer? We value our people and offer a competitive salary along with company More ❯

Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support our Security Champions Assist in the execution of Threat Hunts, pentests and Threat Modelling … AWS Certified Security Familiarity with TCP/IP, DNS, firewalls, VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerability management practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with audit principles and different information security compliance standards More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing: Perform ad-hoc security assessments and provide expert More ❯

awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert More ❯

Actively contribute to the adoption of secure by design practices, with technical delivery teams for both existing systems and new systems, e.g. use of internal or external guidance, leading Threat Modelling activity. Nurture the use of secure technical practices to deliver technical excellence. Support experimentation and innovation in solving problems Supervise third parties in their deliveries related to … Functional knowledge and experience 7+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred. Experience of enterprise architecture frameworks and their application Experience in threat modelling/design pattern development Proven Experience in designing and applying security controls into distributed systems (on premises and cloud) Thorough understanding of the latest security principles, techniques More ❯

Drive the integration of security into every stage of the Software Development Lifecycle (SDLC). Design, implement, and manage security controls to ensure secure product design, development, and deployment. Threat Analysis and Mitigation : Collaborate with cross-functional teams to perform threat modelling, identify security risks, and implement effective countermeasures. Proactively assess the security posture of applications through … vulnerability scanning solutions. Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC). Technical Knowledge and Implementation experience: Direct experience with threat modelling, security reviews, and penetration testing. Proven ability to secure cloud-native architectures, containerization technologies, and Infrastructure as Code (IaC) environments. Familiarity with industry standards and frameworks such More ❯

to be the engineer that can dissect designs, model attack paths, and give hands-on examples to teams of what good looks like. On any given engagement you might threat model, assess pipelines, learn a DSL from a security vendor so that you can complete a proof of concept, or build toolkit to help your team. We don't … expect you to know it all. Responsibilities: Threat modelling & architecture reviews - break down new AWS-backed services, map trust boundaries, build attack trees, and define security requirements before a single line of code is merged. Security automation - write and maintain IaC-driven checks, custom Lambda/Step-Functions, CI/CD gates, and CSPM rules so that secure … About the candidate: Must-haves A minimum Bachelor's degree (2.1 or higher) is required in Computer Science, or in a Technology-related field Deep AWS internals knowledge Proven threat-modelling chops (STRIDE, attack-trees, or other methodologies ). Strong coding ability in at least one language (Python, Go, Rust, etc.). CI/CD security automation (GitHub More ❯

of applications. Collaborate with empowered teams to ensure secure design, development, implementation, and verification of applications. Provide remediation guidance and recommendations to developers and administrators. Participate in and advance threat modelling practices across the division. Help stakeholders make risk-based decisions. Train developers and create educational presentations. Develop tools and automation supporting responsibilities. What You Bring to The … identify threats. Excellent ability to communicate, verbally and in writing, complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management. Strong experience in threat modelling software systems. Certification in CISSP or CCSP, it's a plus. Strong problem-solving capabilities using various technologies. Capability to research a new topic and to learn More ❯

implement scalable security mechanisms and tooling across diverse customer environments and architectures. • Engage directly with CISOs, enterprise architects, and security executives to co-develop secure-by-design solutions. • Lead threat modelling, posture review, and detection design efforts targeting systemic risk. • Build automation and detection systems directly or in collaboration with engineering teams to reduce manual effort and accelerate … regulated or high-trust environments such as finance, energy, or government • Prior experience designing or contributing to security automation mechanisms at scale • Strong understanding of cloud-native security principles, threat modelling, and secure design patterns • Demonstrated ability to collaborate and deliver results across organisational and technical boundaries Amazon is an equal opportunities employer. We believe passionately that employing More ❯

drive awareness of security from the earliest stages of design through to deployment. You'll help integrate automated security tooling and checks into our CI/CD pipelines, facilitate threat modelling sessions, and review security-sensitive design decisions around authentication, cryptography, and logging. You'll also ensure that tools such as SAST, DAST, and SCA are effective and … in CI/CD Hands-on experience with security tools like SAST, DAST, and SCA Familiar with cloud environments (especially AWS), containers, and microservices Comfortable reviewing technical designs, performing threat modelling, and advising on secure architecture Strong communicator who collaborates well with engineers and promotes secure-by-default practices We might not be right for you if: You More ❯

that requires a higher level of resolution. Assist with Problem and Change management support for the resolution of incidents. Proactively identify opportunities of improvement from a technical perspective. Perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring Pre-requisites: Experience of 9-12 years in advanced security technologies Strong security More ❯

organisation is seeking a VP-level DFIR Manager to lead its Digital Forensics and Incident Response (DFIR) team. This is a hands-on leadership role focused on incident response, threat detection, and forensics within a complex, regulated environment. You'll be responsible for advancing the organisation's incident response capabilities, leading investigations, and driving threat detection maturity through … development of use cases, threat intelligence, and vulnerability management. Key Responsibilities Lead the DFIR function, overseeing incident detection, investigation, and response activities. Develop and implement IR methodologies (MITRE ATT&CK, Kill Chain, Threat Modelling, Diamond Model). Conduct forensic investigations on systems, networks, and endpoints. Refine threat hunting and threat intelligence capabilities. Support and mature … security monitoring use cases (SIEM, packet inspection, IOCs). Coordinate cross-functional security incident response with SOC, Threat Intelligence, and Red/Blue teams. Engage with technical and business teams on cyber risk reduction strategies. Contribute to vulnerability management and remediation plans. Required Skills & Experience Proven experience managing DFIR or cyber incident response teams. Deep technical knowledge of IR More ❯

development lifecycle and CI/CD processes and working with the IT Infrastructure team on the security elements of migrating on-premise Windows estate to Azure. You'll lead threat modelling and threat hunting activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling More ❯

development lifecycle and CI/CD processes and working with the IT Infrastructure team on the security elements of migrating on-premise Windows estate to Azure. You'll lead threat modelling and threat hunting activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling More ❯

development lifecycle and CI/CD processes and working with the IT Infrastructure team on the security elements of migrating on-premise Windows estate to Azure. You'll lead threat modelling and threat hunting activities to proactively discover potential compromises, work with external teams on penetration tests and red team engagements and manage SIEM and XDR tooling More ❯

NIST, ISO 27001, CIS). Develop and maintain secure architectural patterns and standards, with a solid working knowledge of cloud security (AWS, Azure, GCP). Apply risk-based and threat-based approaches to evaluate and recommend appropriate and proportionate security technologies and solutions (e.g., SIEM, IAM, CASB, container security). Outline key security components, interfaces, and dependencies. Develop architectural … Document security design principles and provide rationale. Ensure designs align with business objectives, security policies, and industry best practices, with a focus on cloud-native security considerations. Risk and Threat Management: Conduct comprehensive risk assessments and threat modelling, providing detailed analysis and actionable recommendations. Advises clients on risk mitigation strategies and security best practices, and support the More ❯

privileged-access workflows. Monitoring, Detection & Response - Define audit logging, metrics, and telemetry requirements; integrate with SIEM/SOAR to deliver actionable alerts and playbooks for engineering-led incident response. Threat Modeling & Risk Assessment - Conduct regular architecture and code-level reviews, drive remediation plans, and present risk posture to leadership. Tooling & Automation - Evaluate, select, and integrate security tooling (SAST, DAST … Compliance & Audits - Partner with InfoSec and Legal to prepare evidence, manage technical controls, and remediate audit findings. InfoSec Partnership - Collaborate proactively with the Information Security team on policy development, threat intelligence sharing, incident response, and compliance initiatives, ensuring organisation-wide alignment. Engineering Partnership & Enablement - Work hand-in-hand with engineering squads to raise security awareness, improve secure coding practices … Experience working within high-sensitivity data environments Strong awareness of compliance standards and the requirements on software teams, especially for ISO27001 and SOC2. FedRAMP experience advantageous. Demonstrated experience performing threat modelling, penetration test scoping, and vulnerability management. Deep understanding of IAM concepts, encryption/key-management, and secure network design. Excellent communication skills with ability to translate technical More ❯

Management: Develop and maintain a comprehensive security posture management program to proactively identify and address vulnerabilities. Continuously assess the organization's security posture through vulnerability assessments, penetration testing, and threat modelling. Collaborate with cross-functional teams to implement security best practices and ensure compliance with industry standards and regulations. Cyber Exposure Risk Management: Identify, analyse, and prioritize cyber exposure … configuration management, and secure coding practices. Monitor and respond to emerging threats, ensuring the organization remains resilient against evolving attack vectors. Collaborate with external partners and stakeholders to share threat intelligence and improve the organization's defences. Policy and Compliance: Establish and enforce security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry frameworks (e.g., ISO … for improvement. What You'll Bring: Experience: A depth of experience in cybersecurity, with at least 3 years in a leadership or management role. Proven experience in vulnerability management, threat modelling, and incident response. Strong understanding of security frameworks, compliance standards, and best practices. Education:Bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. More ❯

security and cyber defence. We align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share and gain intel from the … an access management perspective. Ensure adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure teams to implement IAM design More ❯

the Executive and project leadership to ensure security is represented in commercial proposals, assurance processes, and delivery planning. Maintain strong relationships with relevant external stakeholders (e.g. NCSC, NPSA), monitoring threat intelligence and security guidance. Operational Security & Risk Management Lead the design, implementation, and monitoring of controls across endpoint security, identity and access management, and cloud infrastructure (e.g., AWS). … for cyber-attacks and disruptions. Support secure architecture and infrastructure reviews across projects and services. Risk Management & Security Engineering Conduct and lead structured technical and procedural risk assessments, including threat modelling and security reviews for new projects or systems. Collaborate with IT and engineering teams to identify, address, and continuously improve security control effectiveness. Oversee the management of More ❯

an ad-hoc basis until the move has been completed Maintain Nessus vulnerability management, update systems, run scans and provide reports Cover email security using Mimecast Enterprise Real world threat modelling and incident response (mainly L3/L4 when required) Make suggestions and influence various areas of the business/group from a security perspective Automate tasks and … ideal) Microsoft Defender for EDR/XDR/MDR Nessus for vulnerability management Mimecast for email security SCCM/Intune for patch management L3/L4 Incident Response experience Threat Intelligence/modelling experience Automating tasks using PowerShell, Python etc What’s in it for you? In return you’ll be joining a well established organisation at an More ❯