London, South East, England, United Kingdom Hybrid / WFH Options
Sanderson
effectiveness. Deliver security architecture for cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What You'll Bring Prior and proven experience
should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS), Experience with designing and administering identity management (authentication and authorisation including policy enforcement
London, South East, England, United Kingdom Hybrid / WFH Options
Addition
Significant experience in Financial Services or Insurance, including PCI-compliant environments. Expert knowledge of network and cloud security using Azure, Hands-on experience with application security, data protection, and threat modelling. Confident communicator, able to influence across technical and business functions. Track record in risk assessment, vulnerability management and secure architecture delivery. Knowledge of DevSecOps, SIEM, IAM, DLP, and
The Role We are seeking a seasoned Senior Cyber Security Consultant with a background in SOC engineering tools plus one of Cloud Security, Identity and Access Management (IAM) or Threat Modelling. In this role, you will work with cross-functional teams to deliver cutting-edge security solutions that address the evolving threat landscape, helping organisations to safeguard their … and other monitoring tools. Provide technical guidance to engineering teams on secure design and implementation. Develop playbooks and automation scripts to enhance SOC efficiency and incident response capabilities. Integrate threat intelligence feeds into SOC workflows for real-time monitoring and response. Conduct regular tool performance reviews and implement upgrades or replacements as necessary. Skills Extensive experience in SOC tools … engineering plus one of Cloud Security, Identity & Access Management (IAM) or threat modelling. Hands-on experience with SOC tools, including SIEM, SOAR and EDR solutions. Strong experience in securing cloud platforms (AWS, Azure, GCP) and understanding of their native security services (preferred). Knowledge of IAM principles, tools (e.g., Okta, Azure AD, CyberArk), and frameworks (preferred). Proficiency in
Kingston Upon Thames, Surrey, United Kingdom Hybrid / WFH Options
Unilever
advancing purple team maturity, the ideal candidate will bring deep technical acumen, a transformation mindset, and a proven ability to lead and inspire high-performing teams in a dynamic, threat-informed environment. RESPONSIBILITIES Technical Leadership & Execution - Personally lead and execute advanced penetration tests, red/purple team exercises, and adversary emulation campaigns across cloud, application, and infrastructure layers. - Identify … vulnerabilities to simulate real-world attack scenarios, validate detection and response capabilities, and uncover control gaps. - Develop and maintain a Purple Team playbook tailored to business-specific technologies and threat models. - Integrate offensive findings into SOC tuning, detection engineering, and control validation workflows. Program Ownership - Own and evolve the offensive security roadmap, including internal testing services, external bug bounty … engineers and red teamers. - Lead the transformation from traditional pentesting to intelligence-driven, continuous offensive security. - Foster a culture of innovation, experimentation, and continuous learning. Collaboration & Influence - Partner with Threat Intelligence, SOC, and Engineering teams to contextualize findings and drive remediation. - Communicate technical findings clearly to both technical and executive audiences. - Influence security architecture and product design through early
of Azure and Microsoft 365 cloud security controls and best practices. Deep understanding of cloud security architecture, the shared responsibility model, and infrastructure-as-code security principles. Experience with threat modelling, incident response, and forensic analysis in cloud environments. Familiarity with container security, Kubernetes, and hybrid or multi-cloud deployments is advantageous. Preferred certifications: Google Professional Cloud Security
and services. Familiarity with security standards and frameworks (e.g., ISO 27001, NIST, CIS). Knowledge of security technologies such as firewalls and web proxies; experience with ZTNA, CTI, and threat modelling is beneficial. Excellent communication and interpersonal skills. Ability to work effectively in a team-oriented environment. Strong problem-solving and analytical skills. Capacity to manage multiple projects
including hiring, mentoring and performance management Defining and delivering the security engineering roadmap aligned to technology strategy and enterprise risk appetite Developing talent in line with G-Research values, modelling leadership behaviours, coaching teams to their strengths and fostering a supportive environment Security architecture and engineering Driving secure design and implementation across on-premises and cloud environments Overseeing advanced … security capabilities such as endpoint protection, identity and access management, encryption, network and application security Leading threat modelling and vulnerability management efforts Governance, risk and compliance Aligning security engineering with internal controls, regulatory obligations and industry best practice Supporting audits, assessments and compliance initiatives in collaboration with the CTO, operations and engineering teams Incident response and resilience Contributing … and care for others Preferred Professional certifications such as CISSP, CISM or GIAC. Exposure to privacy regulations, such as GDPR and CCPA, and financial compliance requirements Experience with insider threat programs, data loss prevention (DLP) and zero-trust security models Behavioural Competencies Strategic mindset with a hands-on approach to execution Strong interpersonal and stakeholder engagement skills High level
the enterprise-wide security architecture blueprint across corporate and product domains. Drive the Trainline Zero Trust initiative, spanning identity, device, network, and application layers. Lead secure design reviews and threat modelling for key product and infrastructure initiatives. Develop reference architectures and reusable security design patterns. Collaborate with the IAM Engineer to architect enterprise identity and access management Enforce … secure configurations across SaaS, endpoint, and MDM platforms (e.g., CrowdStrike, Jamf, Intune). Evaluate and guide SaaS tool usage, integrations, and risk mitigation. Design and maintain DLP, insider threat, and device posture enforcement capabilities. Collaborate with product and platform engineering teams to embed security into the SDLC and CI/CD. Define security controls for cloud-native services in
and data teams. Collaborating with Cloud and Application Security Engineers to embed security throughout system lifecycles. Partnering with technical and data architects to ensure architectural alignment and integration. Leading threat modelling activities and ensuring outputs are reflected in system designs. Ensuring our security architecture, and the controls that implement it, align to the threats we face and our … Kubernetes Service) and data platforms (e.g. Databricks, Snowflake, Dagster). Proven understanding of security risk management. Excellent understanding of common security controls, in particular cloud security controls. Understanding of threat modelling. Knowledge of ISO 27001 and other commonly used security standards. Understanding of modern cloud technologies. Exposure to Agile working. Ability to translate between technical and non-technical teams.
London, South East, England, United Kingdom Hybrid / WFH Options
Opus Recruitment Solutions Ltd
best practices, and support enterprise-wide Azure security initiatives. Key Responsibilities Design and implement secure architectures within Microsoft Azure, ensuring alignment with business and compliance requirements. Conduct Azure-specific threat modelling, risk assessments, and security reviews across infrastructure and applications. Collaborate with cloud engineering, DevOps, and compliance teams to embed security into the Azure development lifecycle. Define and
with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator. Able to engage confidently with both engineers and
RAG pipelines, agentic workflows and document intelligence systems Embed cybersecurity and data privacy controls across all AI workflows (e.g., encryption, anonymisation, access logging) Collaborate with the CISO function on threat modeling, security reviews, and AI-specific control design. Integrate with enterprise IAM systems, enforcing RBAC, least privilege Conduct vulnerability scans, pen-test remediation, and support internal and regulatory audits
develop creative network solutions to address security challenges. Security and Firewall Management: Manage firewall configurations for the CyberEnergia network based on operational requirements. Develop and implement network security tools, produce threat models, and assess risks around existing configurations. Provide subject matter expertise on network security, firewalls, and industry best practices. Document and formalize security processes. Automation and Infrastructure Management: Drive
security controls across architecture, infrastructure and code (AWS Serverless, CDK/SST, React/TypeScript). Shift security left. Embed SAST/DAST, IaC scanning, secure coding standards and threat-modeling into every stage of our CI/CD pipeline. Own compliance & audits. Run our Vanta instance end-to-end (SOC 2 Type II, ISO 27001, GDPR, etc.) and
and deploy detection logic across SIEM, EDR and cloud security platforms. Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance. Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness. Use Detection-as-Code principles to manage detection rules via version control, CI/CD … pipelines and automated testing frameworks. Reduce false positives through tuning, enrichment and contextual awareness. Skills Expertise in detection engineering, threat hunting, or a related Cyber Security field. Proficiency in Sentinel, KQL, XDR and Splunk is required. Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and/or cloud-native security services (e.g. AWS GuardDuty … GCP Chronicle). Ability to create and iterate on detection content (e.g. SIEM rules, correlation searches and detection-as-code signatures) to proactively identify malicious behaviour and improve threat visibility and reduce false positives Familiarity with MITRE ATT&CK framework and threat detection lifecycle.
City of London, London, United Kingdom Hybrid / WFH Options
Anson McCade
SLAs and KPIs Drive secure architecture standards and embed security controls into DevOps pipelines Oversee implementation and optimisation of security tooling (SAST, DAST, SCA, container security) Champion secure coding, threat modelling, and DevSecOps maturity improvements Manage budgets, profitability, and resource utilisation for your function Mentor and develop high-performing engineering and testing teams Key Responsibilities Support sales with
to help embed risk-conscious technical security controls in our services and products, development workflows and activities. You'll act as a subject matter expert on application security, run Threat Modelling exercises with engineering teams, and work on cloud native security tooling, automating our work, and leveraging infrastructure as code. Bringing your experience of writing and reviewing code
NIST. Implement third-party security tools and assist in incident response, working with the CSOC team on Cloud threats and events. Build and enforce Cloud-native security tools, conduct threat modelling, and architectural reviews to improve security practices. Support risk, compliance, and governance initiatives, promote Cloud security, and identify platform improvements. Map attack paths and lead the implementation
London, South East, England, United Kingdom Hybrid / WFH Options
Pontoon
cybersecurity and data privacy controls across all AI workflows, including encryption, anonymisation, and access logging. Collaborate with CISO: Work closely with the Chief Information Security Officer (CISO) function on threat modelling, security reviews, and AI-specific control design. Enterprise Integration: Integrate with enterprise Identity and Access Management (IAM) systems, enforcing Role-Based Access Control (RBAC) and least privilege
of experience in cloud or information security. Proven experience securing Google Cloud Platform (GCP) environments. Strong understanding of cloud security principles and native controls. Experience with incident response and threat modelling. Relevant certifications such as: Google Professional Cloud Security Engineer Azure Security Engineer Associate (AZ-500) Certified Cloud Security Professional (CCSP) Key Attributes Strong verbal and written communication skills.