1 to 25 of 49 Remote/Hybrid Threat Modelling Jobs in the UK

play a critical role in designing, assuring, and delivering secure solutions across our client engagements. You will champion Secure by Design principles and lead threat modelling activities to ensure risks are identified and mitigated early in the lifecycle. Working closely with stakeholders, you will define security architectures, ensure … Design - Embed security into every stage of the solution lifecycle, ensuring systems are designed with security controls from the outset rather than retrofitted. Threat Modelling - Lead and facilitate threat modelling exercises (e.g. STRIDE), identifying vulnerabilities and defining mitigations early in delivery Risk Assessment - Identify, assess ...

position offering the opportunity to work with a diverse portfolio of clients, helping them strengthen their security posture and manage risk in an evolving threat landscape. You will play a key role in delivering security advisory services, conducting assessments, and supporting organisations in aligning with industry standards and best … practices. The role will also involve supporting clients with modern security challenges including threat modelling, secure-by-design practices, and emerging AI security considerations. Key Responsibilities Provide expert guidance on information security strategies, frameworks, and best practices Conduct security risk assessments, gap analyses, and audits Support clients ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

roadmap, backlog and design decisions. Work with colleagues across product, development, and networks & infrastructure to embed security across the product lifecycle. Carry out threat modelling, secure design reviews and technical risk assessments for new and existing product capabilities. Assign pragmatic risk levels and support sensible prioritisation of remediation … software-led environment. Good understanding of how product and development teams operate, including how security considerations are balanced alongside product delivery. Strong experience of threat modelling, secure design review, vulnerability assessment and remediation prioritisation. The judgement to assess exploitability and business impact pragmatically Practical experience applying security across ...

engineering teams to embed automated security testing and guardrails into development workflows. Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum-security requirements for applications and APIs. Partner with engineering, platform, and product teams to embed secure-by-design principles into … development team, providing hands-on technical leadership across design, development, and operation. Perform deep-dive security activities for the team, including threat modelling, code-level reviews, and vulnerability triage/remediation support. Oversee and coordinate third-party application security reviews, ensuring consistent assessment standards and effective risk management ...

engineering teams to embed automated security testing and guardrails into development workflows. Define, implement, and maintain secure development standards, including secure coding guidelines, threat modelling practices, and minimum-security requirements for applications and APIs. Partner with engineering, platform, and product teams to embed secure-by-design principles into … development team, providing hands-on technical leadership across design, development, and operation. Perform deep-dive security activities for the team, including threat modelling, code-level reviews, and vulnerability triage/remediation support. Oversee and coordinate third-party application security reviews, ensuring consistent assessment standards and effective risk management ...

alignment with industry frameworks and government standards. You will work closely with engineering, delivery, and governance teams to define and document architectural patterns, lead threat modelling activity, and provide hands-on guidance across cloud workloads and infrastructure. Key Responsibilities Design and own end-to-end security architecture across … programme objectives. Develop and maintain architectural artefacts including HLDs, LLDs, and security design documentation in line with standards and wider government frameworks. Lead threat modelling and risk assessment activities across cloud workloads, identifying security gaps and providing actionable remediation guidance. Ensure adherence to relevant security frameworks including NCSC ...

standardise assessments across platforms. Conduct comprehensive platform security reviews (build systems, CI/CD pipelines, runtime infrastructure, developer tooling) against defined framework criteria. Perform threat modelling and gap analysis, identifying vulnerabilities and systemic risks impacting source code, artifacts, and workloads. Engineering Platform Security Enablement Establish standardised secure architecture … security controls. Strong knowledge and understanding of service mesh, cryptography, network security, application security, vulnerability management, and risk management. Demonstrable ability to conduct threat modelling, platform security assessments, and gap analysis. Experience building and implementing maturity models, frameworks, or roadmaps in complex enterprise environments. Strong stakeholder management skills ...

security testing methodologies and tooling Embed security into CI/CD pipelines and DevSecOps practices Influence secure‐by‐design engineering approaches across teams Lead threat modelling and communicate risks effectively Mentor engineers and support capability growth within the function Shape how security is implemented across modern, scalable platforms … secure development and testing practices Integrate security tooling into continuous delivery pipelines Work closely with engineering teams to ensure security is embedded early Lead threat modelling exercises across systems and architectures Support adoption of security frameworks and compliance standards Mentor and develop engineers within the security capability Stay ...

cloud infrastructures. Contribute to blogs and research within the business community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling - Kill Chain - Attack tree analysis. Working understanding of: Cloud security including Azure, Amazon Web Service, Key Management Systems, Containerisation, Network Security Groups ...

cloud infrastructures. Contribute to blogs and research within the Cyberfort community. Experience Required The successful candidate will possess proven experience in cybersecurity, security architecture, threat modelling, or related fields within Public Sector and MOD and will have achieved or be working towards Full Membership of CIISEC … NPSA and NCSC security policies, standards and guidance. Have experience building and implementing secure by design principals within the software development lifecycle (SDLC). Threat Modelling – Kill Chain – Attack tree analysis. Certifications: AWS/Azure Security Professional, CCSP, CISSP, CISM, CIISEC, UK Cyber Security Council registration (Chartered ...

including ISO 27001, NIST, GDPR, and PCI-DSS Communicate security risks, secure design principles, and mitigation strategies to technical and non-technical stakeholders Conduct threat modelling and support development of secure reference architectures Identify vulnerabilities within systems and articulate associated risks Research and solve complex security challenges through … Experience applying security technologies including PAM, SSO, IDAM/IAM, network security, and encryption Understanding of IT infrastructure, architecture, and solution design Experience with threat modelling and secure-by-design approaches Hands-on experience in Network and/or Cloud Security SABSA, CISSP, or similar certification Current ...

part of a bigger team, working with a group of a Senior Security Architects and Digital Engineering stakeholders to produce security architecture artifacts, threat modelling, design assurance, and reusable patterns that strengthen the programme’s security posture. Key Responsibilities: You will lead and deliver core security architecture outputs … including: Digital Engineering Security Artifacts and Engagement Report Security Requirements Specification Security Principles Framework Infrastructure Mapping Document & Security Architecture Design Pack Threat Modelling Report Reusable Security Pattern Library Knowledge Transfer Pack (training materials, handover content, recorded walkthroughs) We are looking for someone with: Extensive Security Architecture/Security ...

guardrails into CI/CD pipelines in partnership with engineering and platform teams. Defining and maintaining secure development standards, secure coding guidelines, and threat-modelling practices. Providing practical, risk-based security guidance to engineering, product, and architecture teams. Working with our Vulnerability Lead to drive identification, triage … into CI/CD pipelines (eg, GitHub, AWS DevOps). Strong understanding of Agile, DevOps, and cloud-native architectures. Practical experience with secure coding, threat modelling, and vulnerability management. Strong problem-solving skills and the ability to prioritise risk in line with business needs. ...

equivalent experience Experience applying cyber security principles across the systems or product engineering lifecycle Knowledge of cyber risk management and vulnerability management Experience with threat modelling frameworks such as MITRE ATT and CK, DEF3ND, or EMB3D Awareness of industrial control systems or operational technology environments Working knowledge … subject to required skills, your application to our client in conjunction with this vacancy only. Key Skills Product Cyber Security Specialist, Cyber Risk Management, Threat Modelling, NIST CSF, Industrial Control Systems, Secure by Design, Defence ...

IR35 Active SC Clearance Required Core Responsibilities Design and maintain secure architecture frameworks for enterprise systems across cloud, on-premises, and hybrid environments Conduct threat modelling, risk assessments, and security gap analyses across infrastructure and application layers Define and enforce security standards, reference architectures, and policy controls aligned ...

THROUGH UMBRELLA Role Description: "Core Responsibilities: Develop and maintain secure architecture frameworks for enterprise-grade systems, including cloud, on-premises, and hybrid environments Conduct threat modelling, risk assessments, and security gap analyses across infrastructure and application layers Define security standards, reference architectures, and policy controls based on industry … ensure secure software development lifecycles (SSDLC) Lead strategic initiatives in incident response planning, detection and mitigation strategies, and digital forensics Monitor advancements in threat intelligence and regulatory requirements, advising stakeholders on appropriate countermeasures Produce and maintain architectural documentation, ensuring traceability of security controls and compliance obligations Experience: Demonstrated experience ...

world national security impact, while enjoying hybrid working and strong professional development opportunities. Skills Secure architecture design and secure-by-design principles Risk assessment, threat modelling, and vulnerability management Security frameworks: ISO 27001, NIST 800-30/53, OWASP Cloud security architecture (AWS, Azure, GCP) Incident response, penetration ...

assurance across complex systems or major programmes. Ability to produce clear architecture documentation and security artefacts. Strong understanding of secure design principles, risk management, threat modelling and security controls. Knowledge of UK Government/Defence security standards, guidance and assurance processes. Experience working with senior stakeholders across security … technical and non-technical audiences. Desirable experience Army programme experience or strong MOD stakeholder exposure. Experience with Sparx Enterprise Architect, ArchiMate, NAFv4 or similar modelling approaches. Knowledge of Joint Service Publications, NCSC guidance, ISO27001, NIST, CIS or related security frameworks. Experience across IAM, PKI, secure integration, cloud security, data ...

architecture patterns, reference models, and solution blueprints. Lead security design for Base Metals OEMS platforms, ensuring alignment with performance, resilience, and regulatory requirements. Perform threat modelling, security risk assessments, and architecture reviews. Integrate security into DevOps pipelines, promoting DevSecOps best practices. Collaborate with engineering, infrastructure, and business teams ...

remediation tracking, and clear reporting aligned to regulatory expectations. Security Architecture & Change Enablement • Act as a security architect for projects and change initiatives. • Perform threat modelling where appropriate and define proportionate, practical controls across endpoints, cloud, identity, and data. Collaboration & Continuous Improvement • Partner with IT and Engineering teams ...

required. Bristol/Corsham access would be ideal. Key experience areas include: Security Architecture Secure by Design NCSC CAF/NIST/ISO27001 Threat modelling and risk assessment Cloud Security (AWS/Azure/GCP) Security assurance and accreditation activities Defence or wider Public Sector environments Strong stakeholder ...

infrastructure security through Terraform-based infrastructure as code Automating security validation and policy enforcement using cloud-native tools and policy-as-code approaches Supporting threat modelling and secure design across engineering teams Managing vulnerability remediation workflows and ensuring issues are resolved within defined risk and compliance timelines Implementing … including IAM, networking and container security Experience integrating security controls into CI/CD pipelines (e.g. GitHub Actions) Practical exposure to vulnerability management and threat remediation processes Experience collaborating with SOC, cyber defence or enterprise security teams Understanding of modern application architectures and cloud-native systems Ability to adapt ...

change control procedures Experience designing or reviewing secure software supply chain and CI/CD security . Ability to interpret CVEs, CVSS scores, and threat intelligence feeds. Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non-specialists. Excellent written … technical security reports for assurance cycles Support compliance audit evidence packs (GovAssure/CAF, CE+, ISO 27001) Develop or update security standard documents (e.g. threat modelling, vulnerability mgmt) Support cyber input for IT, research or OT programmes Work with IT teams to co-author and test secure configuration ...