Threat Modelling Jobs in the UK

1 to 25 of 211 Threat Modelling Jobs in the UK

Security Engineer - Application Security

London, United Kingdom
IFX Ltd
Application Security Engineer to embed secure development practices across its software delivery lifecycle. This role is critical in reducing application-layer risks, implementing secure coding standards, and ensuring that threat modelling and architecture reviews are consistently applied across all development efforts. You will work closely with engineering, and platform teams to integrate security into CI/CD pipelines … pipelines and development workflows. Implement and manage SAST, DAST, and SCA tools to detect vulnerabilities early in the lifecycle Conduct secure code reviews and support developers in remediating findings. Threat Modelling & Architecture Review Lead threat modelling sessions using standard methodologies to identify design flaws Review application architectures to ensure alignment with security objectives and mitigation of … common threats. Maintain and update reference architectures based on threat modelling insights. Tooling & Automation Deploy and manage application security tools and integrate them with existing platforms. Automate security tasks using scripting (e.g., Python, PowerShell) or SOAR platforms. Governance & Compliance Ensure alignment with ISO 27001, FCA, and NIST standards. Contribute to audit readiness and support compliance automation platforms such
Employment Type: Permanent
Salary: GBP Annual

Security Architect

United Kingdom
Hybrid / WFH Options
Harvey Nash
Architect to lead the design and implementation of enterprise-wide security architecture across a complex, regulated technology estate. This is a strategic, hands-on role focused on network security, threat modelling, and secure infrastructure design (not cyber operations). You'll work closely with senior stakeholders, infrastructure teams, and external auditors to ensure robust security across digital and … Pension, ~£3,500 Car Allowance Start Date : ASAP (Interviewing Now) Key Responsibilities Security Architecture : Develop and maintain security frameworks, models, and standards aligned with business goals and regulatory requirements. Threat Modelling : Conduct threat assessments for new applications and infrastructure, translating risks into actionable controls. Network Security : Design secure network architectures, segmentation strategies, and firewall configurations. Governance & Compliance … a trusted advisor to senior leaders, translating technical risks into business insights. What You'll Bring Essential: 5+ years in IT solution development (architecture, infrastructure, cloud) Proven experience with threat modelling and security architecture Strong knowledge of NIS, NCSC CAF, and ISO27001 Experience working with external audit and certification bodies Familiarity with Agile, DevOps, and other SDLC methodologies
Employment Type: Permanent
Salary: £75,000

Security Architect

England, United Kingdom
Hybrid / WFH Options
Harvey Nash Plc
Architect to lead the design and implementation of enterprise-wide security architecture across a complex, regulated technology estate. This is a strategic, hands-on role focused on network security, threat modelling, and secure infrastructure design (not cyber operations). You'll work closely with senior stakeholders, infrastructure teams, and external auditors to ensure robust security across digital and … Pension, ~£3,500 Car Allowance Start Date : ASAP (Interviewing Now) Key Responsibilities Security Architecture : Develop and maintain security frameworks, models, and standards aligned with business goals and regulatory requirements. Threat Modelling : Conduct threat assessments for new applications and infrastructure, translating risks into actionable controls. Network Security : Design secure network architectures, segmentation strategies, and Firewall configurations. Governance & Compliance … a trusted advisor to senior leaders, translating technical risks into business insights. What You'll Bring Essential: 5+ years in IT solution development (architecture, infrastructure, cloud) Proven experience with threat modelling and security architecture Strong knowledge of NIS, NCSC CAF, and ISO27001 Experience working with external audit and certification bodies Familiarity with Agile, DevOps, and other SDLC methodologies
Employment Type: Permanent
Salary: GBP 65,000 - 75,000 Annual

Principal Software Engineer

London, United Kingdom
Hybrid / WFH Options
BBC Group and Public Services
us embed secure-by-design thinking across the BBC. You'll work hands-on with engineering teams, applying InfoSec-led policies and architecture in delivery contexts. You'll support threat modelling, promote secure coding practices, and help scale Secure SDLC across the organisation - without reinventing governance or duplicating policy. It's a high-trust role with real impact … InfoSec on shared tooling, templates and enablement. Help teams adopt secure coding standards and integrate automated security checks (SAST, DAST, dependency scanning) into CI/CD pipelines. Participate in threat modelling using InfoSec-led methodologies and coordinate validation and review workflows. Review technical designs, proposals and code for alignment with security policies, architecture patterns and assurance requirements. Act … credibly - whether explaining risk trade-offs to a squad or feeding technical insight into an assurance board. It's a bonus if you've also: Facilitated or contributed to threat modelling sessions using frameworks like STRIDE or DFDs. Reviewed designs and code with a security lens and an eye for policy alignment. Navigated delivery in regulated, public service
Employment Type: Permanent
Salary: GBP Annual

Chief Information Security Officer

London, United Kingdom
Fuse Energy, LLC
strategy across infrastructure, applications, and data. Lead hands-on development of security roadmaps, maturity models, and control frameworks tailored to Fuse's risk profile. Directly contribute to architecture reviews, threat modelling sessions, and key design decisions across product and platform teams. Build and mentor a high-performing security team, including hiring, coaching, and managing performance. Develop KPIs and … data protection, access control, and insider risk. Ensure compliance with SOC 2, ISO 27001, GDPR, and other relevant frameworks. Oversee security audits and third-party risk programs. Risk Management & Threat Intelligence Lead threat modelling, risk assessments, and security reviews of critical systems; design and deliver security awareness training programs for all employees to promote a culture of … proactive risk management. Build threat intelligence capabilities to stay ahead of emerging risks. Balance risk management with product and engineering velocity. Incident Response & Resilience Own response plans for high-severity threats and incidents. Build robust detection, containment, and remediation processes. Drive business continuity and disaster recovery strategy. Technology & Infrastructure Security Partner with engineering to embed security in the SDLC
Employment Type: Permanent
Salary: GBP Annual

Security Engineer

London, United Kingdom
Fuse Energy, LLC
architectural guidance for cryptographic key management, signing workflows, and secure APIs. Evaluate and enhance security of components related to digital asset management, identity systems, or transaction flows. Risk Management & Threat Modelling Conduct comprehensive threat modelling and risk assessments, especially around distributed or high-value transaction systems. Define controls for securing sensitive operations such as wallet integrations … off-chain/on-chain data flows, and internal tooling. Develop and manage internal threat intelligence processes to proactively identify and mitigate emerging risks. Security Operations & Incident Response Lead response to advanced threats and incidents, including analysis, containment, and remediation. Build and optimise detection mechanisms and playbooks for novel attack vectors, including abuse prevention and fraud detection. Governance, Compliance
Employment Type: Permanent
Salary: GBP Annual

Product Security Engineer

London, United Kingdom
Smarsh, Inc
part of our culture and success. How will you contribute? Secure SDLC Support : Assist in integrating security practices into the software development lifecycle, including design reviews and backlog grooming. Threat Modelling : Participate in structured threat modelling exercises with guidance from senior team members. Vulnerability Triage : Work with engineering teams to review findings from SAST, SCA, DAST … Experience working in SaaS, multi-tenant cloud environments. Knowledge of machine learning security (AI/ML model risks, LLM security best practices). Familiarity with attack surface management and threat intelligence. Relevant certifications (e.g., Security+, SSCP, GSEC) are a plus but not required. What do we offer? We value our people and offer a competitive salary along with company
Employment Type: Permanent
Salary: GBP Annual

Information Security Engineer

London, United Kingdom
Hybrid / WFH Options
ZAVA
Working with the development team in embedding security in the SDLC Provide assistance in risk management activities Support security-related incidents Support our log monitoring operations Take part in threat modelling sessions Support the teams in risk analysis of technical vulnerabilities Support our Security Champions Assist in the execution of Threat Hunts, pentests and Threat Modelling … AWS Certified Security Familiarity with TCP/IP, DNS, firewalls, VPNs, and VLANs. Basic experience with SIEMs and security logs Understanding of vulnerability management practices Understanding of penetration testing, Threat Hunting, Red Teaming methodologies Familiarity with application security and OWASP Top Ten Scripting languages Experience with capture-the-flags Familiarity with audit principles and different information security compliance standards
Employment Type: Permanent
Salary: GBP Annual

Senior Penetration Tester

South East London, London, United Kingdom
COMPUTACENTER (UK) LIMITED
awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current: Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing: Perform ad-hoc security assessments and provide expert
Employment Type: Permanent

Senior Penetration Tester

Edinburgh, United Kingdom
Computacenter AG & Co. oHG
awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert
Employment Type: Permanent
Salary: GBP Annual

Senior Penetration Tester

London, United Kingdom
Computacenter AG & Co. oHG
awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert
Employment Type: Permanent
Salary: GBP Annual

Senior Penetration Tester

Manchester, Lancashire, United Kingdom
Computacenter AG & Co. oHG
awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert
Employment Type: Permanent
Salary: GBP Annual

Senior Penetration Tester

Milton Keynes, Buckinghamshire, United Kingdom
Computacenter AG & Co. oHG
awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert
Employment Type: Permanent
Salary: GBP Annual

Senior Penetration Tester

Cardiff, South Glamorgan, United Kingdom
Computacenter AG & Co. oHG
awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert
Employment Type: Permanent
Salary: GBP Annual

Senior Penetration Tester

Hindley, Lancashire, United Kingdom
Computacenter AG & Co. oHG
awareness: Contribute to the development and delivery of security awareness training for internal staff. Stay current : Keep abreast of the latest security threats, vulnerabilities, exploits, and industry best practices. Threat modelling: Participate in threat modelling exercises to identify potential attack vectors and design flaws. Ad-hoc security testing : Perform ad-hoc security assessments and provide expert
Employment Type: Permanent
Salary: GBP Annual

Application Security Engineer

United Kingdom
Trilaty Group
development of products and services during the SDLC Provide guidance and support during development and rollout of new product features by understanding their requirements and model/evaluate likely threat vectors Provide security expertise and guidance to the Development Teams Promote a security-focused culture as part of the SDLC, educating DevOps teams in security best practices Conduct/… Lead threat modelling and security design activities alongside Dev/Engineering Teams Work with 3rd parties to support vulnerability and penetration testing Process reports from external penetration testing vendors and coordinate feedback with teams to ensure actions are followed to mitigate identified risks Skills: Software engineering background is a must with knowledge of Application Security Frameworks e.g. OWASP … SAMM/DSOMM etc Hands-on knowledge of information security processes such as security design review, threat modelling, OWASP Top 10, risk analysis, and software testing techniques Strong understanding of application security awareness, including the security of web applications Experience with risk management activities - identifying, assessing and providing remediation options for application and technology risks Knowledge of Agile
Employment Type: Permanent
Salary: GBP Annual

Product Security Architect

Leeds, Yorkshire, United Kingdom
Hybrid / WFH Options
Junglee Games India Private Limited
expertise to help security and engineering teams across the enterprise embed security into the product development lifecycles. This role is the key advisor on AppSec standards, secure development practices, threat modelling, and security tooling (e.g. SAST, DAST, SCA, IaC scanning, container security, etc.), ensuring consistency and maturity in how applications are built and maintained. By aligning teams with … e.g. vulnerability MTTR, scan coverage, risk acceptance trends) and report findings to leadership and the Global Cyber Council. Coordinate secure architecture reviews for critical application initiatives and provide consultative threat modelling support to large cross brand projects. Continuous Improvement & Innovation: Know the latest on emerging application security technologies, industry best practices, and threat trends. Evaluate new tools
Employment Type: Permanent
Salary: GBP Annual

Security Consultant (Threat & Risk) - Cyber Security Services

United Kingdom
Hybrid / WFH Options
Trilaty Group
Role overview: As a Security Consultant, specialising in Threat and Risk Assessments, you will lead enterprise customers through security landscape intelligence reviews and improvements. You will utilise your technical expertise to provide advice and recommendations to address customer IT Security challenges and business issues. Main tasks and responsibilities: This role will work across the full project lifecycle of design … build, test, operate and improve. Your core focus areas within Threat and Risk Assessment Consultancy are: Threat Modelling Threat Simulation Risk Assessments Risk Mitigation Cyber Security Maturity Assessments Breach Simulation and Assessment Cyber Resilience Pre-requisites: Demonstrable Track record within a Consultancy role. A history of Threat & Risk activities Further info: Competitive Basic, Bonus and
Employment Type: Permanent
Salary: GBP Annual

Manager - Principal Security Architect: Secure Design (IC)

London, United Kingdom
London Stock Exchange Group
Actively contribute to the adoption of secure by design practices, with technical delivery teams for both existing systems and new systems, e.g. use of internal or external guidance, leading Threat Modelling activity. Nurture the use of secure technical practices to deliver technical excellence. Support experimentation and innovation in solving problems Supervise third parties in their deliveries related to … Functional knowledge and experience 7+ years of increasing responsibility in technical engineering or information security roles, security architecture preferred. Experience of enterprise architecture frameworks and their application Experience in threat modelling/design pattern development Proven Experience in designing and applying security controls into distributed systems (on premises and cloud) Thorough understanding of the latest security principles, techniques
Employment Type: Permanent
Salary: GBP Annual

Aerospace Cybersecurity Technical Lead

Bristol, Gloucestershire, United Kingdom
Expleo
engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Collaborative and detail-oriented, able to work across international teams and regulatory boundaries. Desired skills Experience supporting cybersecurity assurance within other EASA/… responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer
Employment Type: Permanent
Salary: GBP Annual

Aerospace Cybersecurity Technical Lead

Bristol, United Kingdom
Expleo UK LTD
engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Experience Experience in cybersecurity, with at least 5 years focused on aerospace, defence, or regulated engineering environments. Proven track record of delivering security … responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer
Employment Type: Permanent

Aerospace Cybersecurity Technical Lead

Bristol, Gloucestershire, United Kingdom
Expleo UK LTD
engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Experience Experience in cybersecurity, with at least 5 years focused on aerospace, defence, or regulated engineering environments. Proven track record of delivering security … responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer
Employment Type: Permanent
Salary: GBP Annual

Aerospace Cybersecurity Technical Lead

Bristol, Avon, South West, United Kingdom
Expleo Group
engineering principles in the context of safety-critical systems and regulated environments. Demonstrated experience leading the development of cybersecurity assurance artefacts for certification programmes. Practical understanding of airworthiness risk modelling, threat identification, attack surface reduction, and aircraft-level threat scenarios. Ability to produce certification-ready documentation aligned to EASA/UK CAA guidance, including traceability to compliance … objectives. Strong communication and interpersonal skills, with the ability to translate complex cybersecurity concepts for engineering, safety, and programme stakeholders. Knowledge of aerospace cybersecurity policy, risk management, and threat intelligence as applied to aircraft development environments. Experience Experience in cybersecurity, with at least 5 years focused on aerospace, defence, or regulated engineering environments. Proven track record of delivering security … responding to regulatory audits, design reviews, and certification authority engagements. Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer
Employment Type: Permanent

Senior Product Security Engineer FullTime London

London, United Kingdom
Trainline plc
Drive the integration of security into every stage of the Software Development Lifecycle (SDLC). Design, implement, and manage security controls to ensure secure product design, development, and deployment. Threat Analysis and Mitigation : Collaborate with cross-functional teams to perform threat modelling, identify security risks, and implement effective countermeasures. Proactively assess the security posture of applications through … vulnerability scanning solutions. Strong grasp of secure coding practices and proficiency in integrating security into the Software Development Lifecycle (SDLC). Technical Knowledge and Implementation experience: Direct experience with threat modelling, security reviews, and penetration testing. Proven ability to secure cloud-native architectures, containerization technologies, and Infrastructure as Code (IaC) environments. Familiarity with industry standards and frameworks such
Employment Type: Permanent
Salary: GBP Annual

Insider Threat Investigations Lead - VP

London, United Kingdom
Barclay Simpson Recruitment
We are seeking a highly motivated and skilled Insider Threat Investigations Lead to join a newly formed Insider Threat Team. This role focuses on identifying, preventing, and responding to risks posed by individuals with authorized access to organisational assets, including employees, contractors, and third-party vendors. The position requires collaboration with cross-functional teams to mitigate risks of … This role suits someone with strong investigative skills, an analytical mindset, the ability to interpret and act on data, and the capability to execute initiatives that strengthen the insider threat programme. Key Responsibilities Support the delivery of the insider threat programme, including developing tools, standards, and procedures to detect, prevent, and respond to insider threats. Utilise advanced detection … tools, behavioural analytics, and security monitoring systems. Drive continuous improvement by applying lessons learned, industry best practices, and emerging threat intelligence. Partner with stakeholders to identify and mitigate potential insider risks across systems, networks, and processes. Lead investigations into suspected insider threat incidents, ensuring they are thorough, timely, and compliant with legal and regulatory standards. Produce reports on
Employment Type: Permanent
Salary: GBP 129,000 Annual

Threat Modelling
10th Percentile: £49,841
25th Percentile: £62,500
Median: £76,500
75th Percentile: £95,000
90th Percentile: £99,250