security controls, you'll play a crucial role in safeguarding our environment. You'll also contribute to building custom security tools to enhance our capabilities and support security assessments, threatmodelling, and penetration testing. You'll come with hands-on experience with AWS and Cloudflare and be comfortable working with Infrastructure as Code tools like Terraform. A strong More ❯
We are seeking a Senior Security Engineer to embed security throughout our product development lifecycle. You'll work directly with engineering teams to identify and mitigate security risks through threat modeling, secure code reviews, and integrated security tooling across our web and mobile applications. This role is critical to establishing our secure development practices, implementing industry-standard SSDLC processes … tune security scanning tools (Aquasec, Trivy, Dependabot, etc) Review cryptographic implementations against industry standards Validate authentication and authorization implementations Ensure compliance with OWASP ASVS (Application Security Verification Standard) Lead threat modeling sessions using STRIDE, PASTA, or similar frameworks Create threat models for new products and architectural changes Identify attack vectors specific to web and mobile platforms Develop abuse … cases and security test scenarios Maintain threat intelligence for fintech-specific risks Document security requirements derived from threat models Platform-Specific Security Mobile Applications: Apply OWASP MASVS and platform-specific guidelines (iOS App Transport Security, Android Network Security Config) APIs: Implement API security best practices (rate limiting, authentication, input validation) Cross-platform session management and secure data storage More ❯
security initiatives and architecting the delivery methodologies Assess security risks across client product portfolios and recommend remediation strategies while balancing business and technical requirements Advice on strategies around coding, threat modeling, and security testing for embedded systems, IoT devices while ensuring compliance with industry regulations Work alongside client R&D teams to lead on secure code reviews, threat … in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK, PASTA, STRIDE) and standards such as FDA cybersecurity guidance Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and determining residual risk after applying compensating security controls Experience implementing and demonstrating compliance to security frameworks such as NIST, IEC, HITRUST, HIPAA, GDPR, ISO More ❯
environment. Develop Custom Security Tooling: Contribute to the creation and maintenance of in-house tools that enhance our security capabilities and automation. Product Security Support: Assist in security assessments, threat modeling, and penetration testing, working closely with the Product Security team. Secure Development Lifecycle: Help implement and improve security gates within the SDLC. Adapt & Collaborate: Be prepared to dive … into any emerging security challenges. We're a small team with big responsibilities, and flexibility is key. Investigate and triage security alerts, manage security incidents. Gather, curate and communicate threat intelligence. Support and advise business stakeholders in relation to cyber security issues. Generate reports for both technical and non-technical staff and stakeholders. What you bring: At least More ❯
Lead the integration of security into CI/CD pipelines. Advise on secure coding and deployment practices across teams. Implement and enforce security policies, standards, and best practices. Conduct threat modeling, risk assessments, and vulnerability management. Mentor and train teams on DevSecOps principles and tools. Skills & Experience Required CI/CD Security Engineering: Proven experience designing and maintaining secure … CD pipelines. DevSecOps Tool Integration: Hands-on experience with SAST, DAST, SCA, and secrets management tools. Cross-Functional Collaboration: Ability to work closely with development, operations, and security teams. Threat Modeling & Risk Assessment: Strong knowledge of security risk management. Cloud & Container Security: Expertise in AWS, Azure, GCP, Docker, and Kubernetes. Security Governance: Experience developing and enforcing security standards. Incident More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Adecco
Lead the integration of security into CI/CD pipelines. Advise on secure coding and deployment practices across teams. Implement and enforce security policies, standards, and best practices. Conduct threat modeling, risk assessments, and vulnerability management. Mentor and train teams on DevSecOps principles and tools. Skills & Experience Required CI/CD Security Engineering: Proven experience designing and maintaining secure … CD pipelines. DevSecOps Tool Integration: Hands-on experience with SAST, DAST, SCA, and secrets management tools. Cross-Functional Collaboration: Ability to work closely with development, operations, and security teams. Threat Modeling & Risk Assessment: Strong knowledge of security risk management. Cloud & Container Security: Expertise in AWS, Azure, GCP, Docker, and Kubernetes. Security Governance: Experience developing and enforcing security standards. Incident More ❯
link Copy link Bachelor's degree or equivalent practical experience. 5 years of experience in cybersecurity, with an offensive security (e.g., Red Teaming, Penetration Testing, or Adversary Simulation) or threat modeling. Experience in a Security Operations Centre (SOC) or similar environment, with modern threat landscapes and attack techniques. Experience in technical troubleshooting and writing code in one or … more programming languages. Experience in threat modeling methodologies (e.g., STRIDE, PASTA, or attack trees) and secure system design principles. Eligibility to obtain UK Developed Vetting (DV) security clearance; British Citizenship is required for this role. Preferred qualifications: Certifications in OSCE3, CRTP/CRTE, GIAC GCSA/Kubernetes-related, OSCP, OSCE, CRTO, CISSP, or GIAC (e.g., GPEN, GCTI, GWAPT). … Experience designing or executing Purple Team exercises, combining offensive tactics with defensive feedback to drive continuous improvement. Experience with Kubernetes security, including secure cluster configuration, workload hardening, and threat detection in containerised environments. Experience in building or maturing security culture initiatives, including awareness programs, gamified training, or executive engagement. Experience with security testing tools and frameworks (e.g., MITRE ATT More ❯
Design and implement security tools, frameworks, and methodologies to protect against security threats Work closely with development teams to ensure secure coding practices are integrated throughout the SDLC Perform threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies Track, analyze, and manage vulnerabilities in applications, providing guidance for remediation efforts Support incident response by … threats, vulnerabilities, and technologies to enhance our security posture Your background looks something like: Extensive experience in application security, cybersecurity, or related fields Strong understanding of secure coding practices, threat modeling, risk assessments, and incident response Proficiency in programming languages such as TypeScript, Python, or similar Experience with security tools, security protocols, encryption methods, and application security frameworks Experience More ❯
s most advanced, and largest, intelligence company! Reversing Emulation and Testing (RET) is a core function of Insikt Group's Technical Analysis (TA) Team. We seek a principal technical threat researcher with deep subject-matter expertise across malware analysis, reverse engineering, and malicious tooling. This role requires the ability to lead high-impact research and drive innovation in analytical … designing and implementing internal tools and workflows that increase our team's efficiency. You will be expected to develop and formalize novel approaches to dynamic analysis, configuration extraction, and threat behavior modeling. This position entails representing Insikt Group's technical threat research in customer briefings, webinars, and industry engagements. You will communicate complex technical findings to diverse audiences … ranging from internal stakeholders and threat analysts to customers and external partners, supporting both technical enablement and strategic advisory efforts. Additional responsibilities include authoring and reviewing high-visibility technical assessments, mentoring senior researchers, informing detection engineering across host- and network-based systems, identifying trends in offensive security tooling and tactics, and generating original research leads that inform Insikt Group More ❯
world. What you'll be doing (ie. job duties): Identify gaps in our security infrastructure and drive cross-function efforts to address them. Perform security assessments, framework development, and threat modeling of assets, including various blockchain protocols, smart contracts, and other distributed ledger tech. Partner with software engineering teams to advise on code and architecture for internal smart contract … and related topics. What we look for in you (ie. job requirements): Strong understanding of blockchains (particularly EVM chains) and highly "crypto forward". Extensive experience in architecture and threat modeling of security-critical backend crypto systems. Familiar with the threat model of a crypto custodian, including common vulnerabilities and pitfalls for systems that custody cryptocurrency. Familiar with More ❯
Here's what you'll be doing: When you join Simply Business, you'll protect us from threat actors who attempt to evade our cyber defenses. This is a hands-on technical position where you'll play an important role in increasing the maturity of our Security Operations Centre (SOC). Additionally, you'll need a strong drive and … for complex security incidents within the SOC team. Oversee incident response activities and ensure timely communication with stakeholders. Facilitate tabletop exercises and training for analysts, including malware reverse engineering, threat intelligence, and log analysis. Lead and mentor SOC analysts, fostering a high-performing team. Improve SOC services, including security monitoring, incident detection, analysis, and response. Establish and document processes … and communicating with diverse stakeholders, including executives. Experienced with security tools such as SIEM, IDS/IPS, EDR, and vulnerability management. Familiar with working in cloud environments. Exposure to threat modeling. (You don't need to match all the bullet points to be considered for this role.) Ready to join us and help elevate our security practices? Apply today. More ❯
into day-to-day workflows across engineering teams. Own the vulnerability management lifecycle: from discovery and triage to remediation tracking and coordinated disclosure. Build Secure Products by Design Conduct threat models, security architecture reviews and risk assessments for new features and core platform components. Develop secure design patterns and reusable guidance for engineers. Drive Security Strategy & Standards Define and … balance a pragmatic, risk-informed mindset with a strong understanding of security principles and engineering realities. Must-Have Experience Proven experience in application and product security, including secure design, threat modeling and secure coding practices. Strong knowledge of security issues in modern software stacks, such as Java, distributed systems, microservices, containers, etc. Experience integrating security tools into development pipelines More ❯
world. What you'll be doing (ie. job duties): Identify gaps in our security infrastructure and drive cross-function efforts to address them. Perform security assessments, framework development, and threat modeling of assets, including various blockchain protocols, smart contracts, and other distributed ledger tech. Partner with software engineering teams to advise on code and architecture for internal smart contract … and related topics. What we look for in you (ie. job requirements): Strong understanding of blockchains (particularly EVM chains) and highly "crypto forward". Extensive experience in architecture and threat modeling of security-critical backend crypto systems. Familiar with the threat model of a crypto custodian, including common vulnerabilities and pitfalls for systems that custody cryptocurrency. Familiar with More ❯
and domain expert within the organization and be able to communicate security risk and concepts to both technical and non-technical audiences. Lead initiatives with Engineering teams to optimize threat models and mitigate risks. Encourage a positive security culture across the Engineering organization. Relentlessly champion for security outcomes on behalf of our customers. Work with other engineering leaders to … embed security into day-to-day development processes. Help proactively assess security risk through product deep dives, threat modeling, and design, architecture and implementation reviews Review and improve existing security processes related to product assessments, pen testing, and bug bounty findings. Develop product security controls and supervising strategies to grow our threat detection capabilities. Seek opportunities for security … tooling and automation WHAT YOU'LL BRING: 5+ years of proven experience securing enterprise applications and infrastructure, preferably in the Crypto and FinTech space. Experience with the application of threat modeling and other risk identification techniques. Strong understanding of the OWASP top 10, including details of common vulnerabilities and emerging threats. Experience with authentication and authorization standards, including OAuth More ❯
technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. Key job responsibilities - Creating, updating, and maintaining threat models for a wide variety of software projects. - Manual and Automated Secure Code Review, primarily in Java, Python and Javascript. - Development of security automation tools. - Adversarial security analysis using … our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve. BASIC QUALIFICATIONS - Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security - Experience applying threat modeling or other risk identification techniques or equivalent - Experience with More ❯
individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. … locations in the US and EMEA. The impact you will have: Full SDLC Support for new product features being developed in ENG and non-ENG teams. This would include Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc. Work with other security teams to provide support for Incident Response and Vulnerability Response as and when needed. Work with … implement security processes to improve the overall productivity of the product security organization and the SDLC process in general What we look for: 5-10 years Experience with the Threat Modeling process and ability to find design problems based on a block diagram of data flow. Solid understanding on at least two of the following domains - Web Security, Cloud More ❯
on secure-by-design and deep product partnership. We build strong relationships with other teams and help them build secure software. This includes reviewing early-stage designs, helping develop threat models. The Role Our products support some of the most important and impactful work in the world, including defense, intelligence, and commercial applications. We are trusted by our customers … InfoSec organization to harden our products against our dedicated adversaries. • Architecture and design . You will be the security subject matter expert for product architects and engineers. You will threat model, assess risks, and help implement security controls and mitigations to address identified issues. You will directly steer the design of our products to ensure we are secure-by … security engineer are the underpinnings of our team. Core Responsibilities Perform deep architecture and security reviews on highly complex products to identify vulnerabilities Lead engineering teams in feature design, threat modeling, and security-critical code and architecture Develop and implement automation to eliminate entire classes of weaknesses across the organization Drive decision-making by determining the tradeoffs between security More ❯
SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and third-party library management. Risk Assessments: Conduct risk assessments, threat modeling, and architecture reviews alongside development teams, producing artifacts to drive the implementation of effective security controls. Standards Development: Own the creation and maintenance of tailored security standards and … mitigation strategies. Key Requirements: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Familiarity with Agile methodologies like SCRUM, along with More ❯
SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and third-party library management. Risk Assessments: Conduct risk assessments, threat modeling, and architecture reviews alongside development teams, producing artifacts to drive the implementation of effective security controls. Standards Development: Own the creation and maintenance of tailored security standards and … strategies. Key Requirements: Essential: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Proficiency in programming languages such as Python, Java More ❯
engagements. Collaborate with AEs and strategic partners to shape deals , deliver joint presentations and support co-sell activity. Translate customer challenges into real platform value - covering GRC, risk, and threat perspectives. Run tailored demos (and supporting content) that show how CyberHQ quantifies risk, simulates threat paths, and automates compliance. Collaborate with AEs to build compelling business cases and … role in cybersecurity, risk, or GRC. Familiarity with frameworks like ISO 27001, NIST CSF, HIPAA, SOC 2, FedRAMP, CMMC, GDPR, etc. Working knowledge of risk quantification methods (e.g., FAIR), threat modeling (e.g., using MITRE), or simulation tools. Able to build trust with CISOs, security architects, and GRC leads. Confident presenting complex concepts clearly - both live and in writing. Comfortable More ❯
and discipline around cloud computing is critical, as is a high level of ownership and accountability. Key job responsibilities Your work will include: Application security reviews Secure architecture design Threat modeling Projects and research work as needed Security training and outreach to internal development teams Security guidance documentation Security metrics delivery and improvements Assistance with recruiting activities About the … similar object oriented language Extensive hands on experience in application security or similar role PREFERRED QUALIFICATIONS Experience with AWS products and services Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security Experience with programming languages such as Python, Java, C++ Amazon is an equal opportunities More ❯
and support in certification journey; Support our sales with your technical expertise; You will work on gap assessments or risk assessments based on IEC62443, IT/OT site assessments, Threat Modeling, NIS compliance checks and Security Maturity Assessments . All these services are designed to support our customers to identify risks and improve their security resilience, no matter their … networks and industrial devices like PLCs, DCS, Safety systems, and SCADA; Experience with industrial communication protocols , like Modbus, IEC104, and vendor-specific protocols; Experience with conducting risk assessments and threat modelings ; Strong ability to communicate technical concepts and assessment results verbally and in written reports in simple terms; Knowledge of IEC 62443, MITRE ATT&CK for ICS, NIST CSF More ❯
ensure our services, applications, and websites are designed and implemented with the highest security standards. Responsibilities include web application, network, and operational penetration testing, automating repetitive tasks, and creating threat mitigation plans. You will work directly with internal teams to solve challenging software problems. You should be able to produce results amidst ambiguity and limited knowledge, foster constructive dialogue … Contribute to the design, implementation, and execution of security review and testing methodologies for critical production services, ensuring risks are remediated in collaboration with service teams. Perform design reviews, threat modeling, security reviews, penetration testing, and red teaming on production systems. Scope and conduct penetration testing and vulnerability research on complex proprietary software and hardware. Collaborate with Amazon Security More ❯
