1 to 25 of 74 Threat Modelling Jobs in the UK

Architect) to support public sector digital and technology programmes by embedding security early in project lifecycles. The role focuses on defining security requirements, conducting threat modelling, and advising delivery teams on proportionate, technically sound security controls. You will work closely with technical design and delivery teams, operating independently … prem, and application environments. Key Responsibilities Draft and define security requirements aligned to the Cyber Assessment Framework (CAF) Facilitate and participate in group threat-modelling sessions with technical delivery teams Produce clear threat statements as outputs of threat-modelling activities Undertake independent research to: Identify ...

resilient to evolving cyber and information threats. Key Responsibilities Identify, interpret, and integrate security requirements throughout the product and system development lifecycle . Lead threat modelling and risk assessments , applying recognised frameworks such as ISO/IEC 27001, NIST 800-30/53, and ISO 31000. … configure industry-standard threat-modelling tools (e.g., STRIDE-based tools, attack-tree tooling). Provide expert advice on secure architectures, ensuring risks are understood, prioritised, and mitigated. Ensure compliance with MOD and HMG standards, including JSPs, Def Stan 05-138/05-139 , and ISN 23/ ...

early. You'll work closely with Software Development teams to ensure application-based vulnerabilities are understood, prioritised, and remediated effectively. You'll contribute to threat modelling, penetration testing, secure design reviews, and the continuous improvement of security testing methodologies. The role also plays a key part in enhancing … SECURITY SPECIALIST ESSENTIAL SKILLS: * Hands-on experience with static and dynamic application security testing tools * Strong understanding of OWASP principles and their use within threat modelling * Experience conducting and reporting on web application penetration testing * Knowledge of software development practices and common programming languages * Working knowledge ...

primary security partner for product and engineering teams - ensuring applications are designed, built and maintained with robust security at their core. You will lead threat modelling, manage vulnerability backlogs, support incident response, and help uplift security maturity across development squads. Key Responsibilities Define and implement product security policies … tooling and standards across the SDLC Lead threat modelling for new and existing applications Own the product vulnerability backlog, prioritising and tracking remediation Liaise on bug bounty findings and ensure timely fixes Conduct root cause analysis for security incidents and systemic issues Act as Incident Commander or Investigation ...

privileged access Design secure network architectures covering encryption, key management, and secure connectivity Embed application security principles , including secure APIs, data protection, and threat modelling Ensure systems are designed for security resilience , availability, and risk mitigation Collaborate with engineering, platform, and delivery teams to embed security across … Deep knowledge of IAM , authentication, authorisation, and privileged access management Strong background in network security , encryption, and key management Experience with application security , including threat modelling and secure data flows Ability to design systems with security resilience built in Active SC Clearance Nice-to-Have Skills Hands ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

teams, and strengthening enterprise security posture-particularly across Microsoft 365, Azure, data platforms, and AI-enabled solutions. You will play a key role in threat modelling, risk assessments, guardrail design & implementation, and delivering practical security guidance for engineering, data, and application/product teams. Rationale/deliverables: Contribute … enhanced productivity systems Support the roll-out of the new AI information security control framework Support the Data governance team Key Responsibilities Perform threat modelling (STRIDE), guardrail definition, and security posture assessments across applications, data platforms, APIs, cloud services, and SaaS ecosystems. Identify security control gaps , especially around ...

teams, and strengthening enterprise security posture-particularly across Microsoft 365, Azure, data platforms, and AI-enabled solutions. You will play a key role in threat modelling, risk assessments, guardrail design & implementation, and delivering practical security guidance for engineering, data, and application/product teams. Rationale/deliverables: Contribute … enhanced productivity systems Support the roll-out of the new AI information security control framework Support the Data governance team Key Responsibilities Perform threat modelling (STRIDE), guardrail definition, and security posture assessments across applications, data platforms, APIs, cloud services, and SaaS ecosystems. Identify security control gaps , especially around ...

. Youll dissect designs, model attack paths, and show engineering teams what good really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. We dont expect you to know everything … just to be curious, practical, and willing to dive in. What Youll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/ ...

dissect designs, model attack paths, and show engineering teams what “good” really looks like. Depending on the engagement, you might run a threat model, assess CI/CD pipelines, learn a vendor DSL for a PoC, or build internal tooling. They don’t expect you to know everything — just … curious, practical, and willing to dive in. What You’ll Do Threat Modelling & Architecture Reviews: Break down AWS services, map trust boundaries, build attack trees, and define security requirements before code ships. Security Automation: Build IaC-driven checks, Lambda/Step Function tooling, CI/CD gates ...

delivery without owning build or operations. Key Responsibilities Attend regular project and design meetings to understand requirements and delivery milestones. Perform initial and iterative threat modelling for new features, integrations, and architectural changes. Advise on secure architecture design, including IAM, network segmentation, encryption, and data protection. Recommend … being consistently applied. Essential Experience Proven experience as a Security Architect or senior cyber security consultant in digital delivery environments. Strong Secure by Design, threat modelling, and risk-based security expertise. Experience advising product teams in agile, cloud-based delivery contexts. Confident engaging with architects, developers, and delivery ...

testing frameworks The AI Security Engineer is responsible for securing AI platforms and systems against adversarial threats. The role focuses on technical security controls, threat modelling, red teaming, and continuous monitoring of AI systems. Focus of the role Design and implement security controls for AI and LLM systems … Perform AI-specific threat modelling and risk analysis Lead red team and blue team testing of AI platforms Conduct prompt injection and adversarial testing Knowledge & Experience Strong background in security engineering and cloud security Hands-on experience with AI red teaming and adversarial testing Familiarity with AI security ...

cryptography) Solid understanding of IAM concepts (RBAC, ABAC, PAM, SSO) Strong analytical skills with the ability to interpret complex technical information Good understanding of threat modelling and threat intelligence methodologies (OWASP, STRIDE, MITRE) For more details, please reach out to . Reasonable Adjustments: Respect and equality ...

IaaS, PaaS, SaaS, CASB, Zero Trust and micro-segmentation. Demonstrate a strong understanding of IAM including RBAC, ABAC, PAM, provisioning, compliance and SSO. Apply threat-modelling approaches including OWASP, PASTA, STRIDE, MITRE ATT&CK, threat intelligence and threat hunting. Desirable Experience Design and assure secure network … architectures and enterprise security solutions. Designing or assuring SOC operations, including monitoring and response. Overseeing penetration testing, vulnerability assessments and remediation lifecycle. Integrating threat intelligence into operations and strategic planning. Essential QualificationsCertified Information Security Manager (CISM)Certified Information Systems Security Professional (CISSP)Security ClearanceSecurity Check (SC) Clearance is required. ...

client audit requests as they relate to AI use at the firm. Perform detailed security analysis of application architectures to provide assurance. Understand threat modelling and participate in major incidents responses with IAM and AI components. Review and approve the IAM components of solution designs. Collaborate with cloud ...

align our efforts to the NIST framework and other recognised certifications including ISO27001 and SOC2 and strive to keep pace with the continually evolving threat landscape, in support of A&O Shearmans strategy to lead where global complexity creates opportunity. In addition, you will have the opportunity to share … adherence to the change management process when implementing IAM relevant changes to architecture. Perform detailed analysis of application architectures to provide IAM assurance. Understand threat modelling and participate in major incidents responses with IAM components. Review and approve the IAM components of solution designs. Collaborate with cloud infrastructure ...

world national security impact, while enjoying hybrid working and strong professional development opportunities. Skills Secure architecture design and secure-by-design principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration ...

privileged access Experience with network security, encryption, key management, and secure connectivity Knowledge of application security principles, including secure APIs, data protection, and threat modelling Experience designing for security resilience. Desirable Skills: Hands-on experience with cloud security services and tooling (e.g. AWS Security Hub, Azure Defender, Sentinel ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

cloud deployments (private/public). Design and scope IT Health Checks and interpret outcomes. Identify and mitigate security risks in solution architectures. Conduct threat modelling and risk analysis. Design proportional security controls using native cloud technologies. Produce security architecture artefacts including standards and blueprints. What ...

World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 8x SOC Threat Detection Analyst subcontractors on an initial 6 month contract. This role can start on an SC Security Clearance basis, however DV Clearance will be required down the line. This role would suit someone … from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background. Hourly Rate: £45ph - £85 per hour. There are 8 positions being recruited across the mid-senior level. Overtime rate of time and a quarter. Contract Duration: 6 Months initially and long-term thereafter. Shift pattern ...

Design Familiarity with: JSP440, JSP604/453, JSP490 Supplier Chain Assurance GDPR, PCI DSS, ICO ISO 27001, NIST CSF, CIS Controls v8 Skills in: Threat modelling (kill chain, attack trees, etc.) Cloud security (AWS, Azure), containerisation, firewalls Secure SDLC HLD/LLD review ITHC scoping and remediation Certifications ...

principles, standards and patterns Design and assure security controls for new and existing systems, platforms and integrations Conduct security architecture reviews, risk assessments and threat modelling Provide pragmatic guidance to engineering teams, architects and third-party suppliers Ensure alignment between security architecture, enterprise architecture and technology roadmaps Support ...

delivering high-quality cyber risk assessments and assurance in complex digital environments, preferably in government or critical infrastructure. Strong knowledge of cyber risk management, threat modelling, security architecture, and IT Health Checks, including experience with SaaS and cloud security. Skilled at applying cyber security standards, regulatory frameworks ...

industries Ability to produce high-quality architectural documentation Confidence engaging with senior stakeholders and regulatory bodies Familiarity with NIST, SANS, ITU frameworks Experience in threat modelling, risk assessment, and audit engagement Technical areas you'll influence: Application security & secure SDLC Network/app segmentation & micro-segmentation Zone-based … architectures and secure legacy migration WAAP, NGFW, NIDS/NIPS, DDoS protection API gateways, reverse proxies, AuthN/AuthZ Architecture modelling tools (BizzDesign, Archi, UML) Working across hybrid legacy and modern networking landscapes Preferred qualifications: Degrees in Cybersecurity, Computer Science, Software Engineering, or related fields Architecture certifications such ...