176 to 200 of 202 Threat Modelling Jobs in the UK

vulnerabilities ) in web applications, mobile, and IoT devices. Help ensure the proper implementation of authentication and authorization mechanisms, encryption fundamentals, and secure communication protocols like TLS/SSL. Support threat modeling exercises (e.g., using STRIDE or DREAD methodologies) to identify potential security risks in system designs. Operational Product Security Support: Gain hands-on experience with common security tools and … secure communication protocols like TLS/SSL. Security Tool Familiarity: Familiarity with common security tools and technologies such as static analysis tools, dynamic scanning tools, and security testing frameworks. Threat Modeling: Basic understanding of threat modeling methodologies (such as STRIDE or DREAD) and interest in participating in threat modeling exercises. Research & Documentation: Strong ability to conduct thorough More ❯

security assessments against digital services using manual methods and tools such as Burp Suite, Metasploit, Nikto, Nessus, and ZAP. Security testing and remediating issues in APIs and infrastructure. Conducting threat modeling to identify threats and define tangible security controls and mitigations. Supporting skills and knowledge transfer of contracted work and technical expertise. What You'll Bring to the Team … and the Tools you'll need: You'll bring a comprehensive background inAppSec Engineering/DevSecOps with experience across testing, threat modeling, application development and possess a solid understanding of cyber attack methodologies. Security engineering, cloud security, and posture management in CI/CD environments Network technologies, cloud providers (AWS/Azure), Windows and UNIX operating systems Cyber-attack … methodologies and deep security assessments Application security and full software development lifecycle Security testing for APIs and infrastructure Threat modeling and mitigation Skills and knowledge transfer Hands-on experience in the above essential skills SC clearance required Burp Suite, Metasploit, Nikto, Nessus, ZAP, GitHub, Python (or similar), Splunk What's in it for You? You'll enjoy: Competitive Salary More ❯

our flagship products cyber resilient? We are looking for a Security Engineer to join our Information Security team at our Oxford headquarters. You will be working across software engineering, modelling, and data science bringing your full self, including your security knowledge and expertise to the business. As a Security Engineer at Aurora Energy Research, you will enable our colleagues … reduction outcomes. Build secure products. Ensure security is considered throughout the product and software development life cycle. Provide security best practice, build security design patterns, complete security architecture reviews, threat models and risk assessments. Help solve engineering problems by implementing technical controls to mitigate risk. Ensure we are deploying solutions into a secure environment . Ensure we build solutions More ❯

Hybrid 50% home/office based Closing date: 20th August 2025 This role will assure the response to a cybersecurity event or incident, taking the lead to contain the threat to the Royal London business and support the remediation activities to stabilise service. The role will coordinate activities between Defence, Threat Intelligence, SOC, and Engineering, and be the … incidents, improvements, and features to senior management Provide training and mentoring to team members About you Minimum of 2 years in an incident response or forensic role Understanding of threat analysis and threat modeling Experience with endpoints/EDR in an MDR environment Experience managing complex cybersecurity or service incidents Ability to identify patterns, anomalies, issues across multiple More ❯

Lead the integration of security into CI/CD pipelines. Advise on secure coding and deployment practices across teams. Implement and enforce security policies, standards, and best practices. Conduct threat modeling, risk assessments, and vulnerability management. Mentor and train teams on DevSecOps principles and tools. Skills & Experience Required CI/CD Security Engineering: Proven experience designing and maintaining secure … CD pipelines. DevSecOps Tool Integration: Hands-on experience with SAST, DAST, SCA, and secrets management tools. Cross-Functional Collaboration: Ability to work closely with development, operations, and security teams. Threat Modeling & Risk Assessment: Strong knowledge of security risk management. Cloud & Container Security: Expertise in AWS, Azure, GCP, Docker, and Kubernetes. Security Governance: Experience developing and enforcing security standards. Incident More ❯

Lead the integration of security into CI/CD pipelines. Advise on secure coding and deployment practices across teams. Implement and enforce security policies, standards, and best practices. Conduct threat modeling, risk assessments, and vulnerability management. Mentor and train teams on DevSecOps principles and tools. Skills & Experience Required CI/CD Security Engineering: Proven experience designing and maintaining secure … CD pipelines. DevSecOps Tool Integration: Hands-on experience with SAST, DAST, SCA, and secrets management tools. Cross-Functional Collaboration: Ability to work closely with development, operations, and security teams. Threat Modeling & Risk Assessment: Strong knowledge of security risk management. Cloud & Container Security: Expertise in AWS, Azure, GCP, Docker, and Kubernetes. Security Governance: Experience developing and enforcing security standards. Incident More ❯

post-sales position blends blockchain security, client consulting, sales support, and technical integration. You will collaborate directly with leading Web3 teams to understand their security challenges, develop real-time threat detection strategies, and ensure smooth implementation of Hexagate's solutions. This role demands technical problem-solving skills, strong blockchain security knowledge, client-facing abilities, and a proactive approach to … blockchain entities Lead technical onboarding and solution deployment, including custom monitor rules, API integrations, and alerting workflows Assist with integrations into customer pipelines and tools Provide ongoing advisory on threat models, detection coverage, and evolving security best practices Stay ahead of blockchain threats, advising customers on new attack vectors and security best practices Act as the voice of the More ❯

link Copy link Bachelor's degree or equivalent practical experience. 5 years of experience in cybersecurity, with an offensive security (e.g., Red Teaming, Penetration Testing, or Adversary Simulation) or threat modeling. Experience in a Security Operations Centre (SOC) or similar environment, with modern threat landscapes and attack techniques. Experience in technical troubleshooting and writing code in one or … more programming languages. Experience in threat modeling methodologies (e.g., STRIDE, PASTA, or attack trees) and secure system design principles. Eligibility to obtain UK Developed Vetting (DV) security clearance; British Citizenship is required for this role. Preferred qualifications: Certifications in OSCE3, CRTP/CRTE, GIAC GCSA/Kubernetes-related, OSCP, OSCE, CRTO, CISSP, or GIAC (e.g., GPEN, GCTI, GWAPT). … Experience designing or executing Purple Team exercises, combining offensive tactics with defensive feedback to drive continuous improvement. Experience with Kubernetes security, including secure cluster configuration, workload hardening, and threat detection in containerised environments. Experience in building or maturing security culture initiatives, including awareness programs, gamified training, or executive engagement. Experience with security testing tools and frameworks (e.g., MITRE ATT More ❯

and controls. Your work will directly impact our global user base Focusing on Automation. Developing automated, scalable security solutions. Efficiency is key Administering HashiCorp Vault for secrets management Performing threat modeling and analysis to identify and mitigate security risks Managing PKI, TLS, and GPG infrastructure Applying cryptography and security design principles to cloud environments Documenting playbooks, procedures, and architecture … of working with consumer products, web apps, and mobile apps Proficiency in understanding authentication, authorization, and cryptography, with familiarity around modern security standards and best practices. Proficiency in data modelling of roles, permissions, and capabilities Experience with OAuth 2.0 nuances, best practices, and shortcomings Experience securely running and operating web applications, web services, and service-oriented architecture in production More ❯

Product Security Evaluation Perform architecture and implementation reviews of embedded, cloud-based, or mission-critical systems. Analyze and validate secure boot flows, cryptographic controls, and firmware integrity mechanisms. Conduct threat modeling and traceability analysis against defense-aligned frameworks (e.g., NIST SP 800-53, NIST RMF, Common Criteria, NATO NIAG, ISO 15408). Evaluate usage of post-quantum and hybrid … security engagements with clear milestones, deliverables, and resourcing plans. Maintain ongoing communication with client technical leads and internal engineering teams. Ensure deliverables meet both compliance obligations and real-world threat resilience expectations. Minimum Qualifications MSc or BSc in Computer Science, Electrical/Software Engineering, Cybersecurity, or a related technical discipline. 5+ years of hands-on experience in cybersecurity for … architecture and common system design patterns (e.g., API gateways, microservices, message queues, service meshes). Hands-on experience performing design-level security reviews and verifying implementation alignment with defined threat models. Familiarity with defense-specific cybersecurity requirements (e.g., DFARS/NIST 800-171, CMMC, MIL-STD-882, STANAGs). Understanding of tactical system constraints and secure integration challenges in More ❯

Design and implement security tools, frameworks, and methodologies to protect against security threats Work closely with development teams to ensure secure coding practices are integrated throughout the SDLC Perform threat modeling and risk assessments to proactively identify potential risks and develop mitigation strategies Track, analyze, and manage vulnerabilities in applications, providing guidance for remediation efforts Support incident response by … threats, vulnerabilities, and technologies to enhance our security posture Your background looks something like: Extensive experience in application security, cybersecurity, or related fields Strong understanding of secure coding practices, threat modeling, risk assessments, and incident response Proficiency in programming languages such as TypeScript, Python, or similar Experience with security tools, security protocols, encryption methods, and application security frameworks Experience More ❯

s most advanced, and largest, intelligence company! Reversing Emulation and Testing (RET) is a core function of Insikt Group's Technical Analysis (TA) Team. We seek a principal technical threat researcher with deep subject-matter expertise across malware analysis, reverse engineering, and malicious tooling. This role requires the ability to lead high-impact research and drive innovation in analytical … designing and implementing internal tools and workflows that increase our team's efficiency. You will be expected to develop and formalize novel approaches to dynamic analysis, configuration extraction, and threat behavior modeling. This position entails representing Insikt Group's technical threat research in customer briefings, webinars, and industry engagements. You will communicate complex technical findings to diverse audiences … ranging from internal stakeholders and threat analysts to customers and external partners, supporting both technical enablement and strategic advisory efforts. Additional responsibilities include authoring and reviewing high-visibility technical assessments, mentoring senior researchers, informing detection engineering across host- and network-based systems, identifying trends in offensive security tooling and tactics, and generating original research leads that inform Insikt Group More ❯

world. What you'll be doing (ie. job duties): Identify gaps in our security infrastructure and drive cross-function efforts to address them. Perform security assessments, framework development, and threat modeling of assets, including various blockchain protocols, smart contracts, and other distributed ledger tech. Partner with software engineering teams to advise on code and architecture for internal smart contract … and related topics. What we look for in you (ie. job requirements): Strong understanding of blockchains (particularly EVM chains) and highly "crypto forward". Extensive experience in architecture and threat modeling of security-critical backend crypto systems. Familiar with the threat model of a crypto custodian, including common vulnerabilities and pitfalls for systems that custody cryptocurrency. Familiar with More ❯

Here's what you'll be doing: When you join Simply Business, you'll protect us from threat actors who attempt to evade our cyber defenses. This is a hands-on technical position where you'll play an important role in increasing the maturity of our Security Operations Centre (SOC). Additionally, you'll need a strong drive and … for complex security incidents within the SOC team. Oversee incident response activities and ensure timely communication with stakeholders. Facilitate tabletop exercises and training for analysts, including malware reverse engineering, threat intelligence, and log analysis. Lead and mentor SOC analysts, fostering a high-performing team. Improve SOC services, including security monitoring, incident detection, analysis, and response. Establish and document processes … and communicating with diverse stakeholders, including executives. Experienced with security tools such as SIEM, IDS/IPS, EDR, and vulnerability management. Familiar with working in cloud environments. Exposure to threat modeling. (You don't need to match all the bullet points to be considered for this role.) Ready to join us and help elevate our security practices? Apply today. More ❯

into day-to-day workflows across engineering teams. Own the vulnerability management lifecycle: from discovery and triage to remediation tracking and coordinated disclosure. Build Secure Products by Design Conduct threat models, security architecture reviews and risk assessments for new features and core platform components. Develop secure design patterns and reusable guidance for engineers. Drive Security Strategy & Standards Define and … balance a pragmatic, risk-informed mindset with a strong understanding of security principles and engineering realities. Must-Have Experience Proven experience in application and product security, including secure design, threat modeling and secure coding practices. Strong knowledge of security issues in modern software stacks, such as Java, distributed systems, microservices, containers, etc. Experience integrating security tools into development pipelines More ❯

world. What you'll be doing (ie. job duties): Identify gaps in our security infrastructure and drive cross-function efforts to address them. Perform security assessments, framework development, and threat modeling of assets, including various blockchain protocols, smart contracts, and other distributed ledger tech. Partner with software engineering teams to advise on code and architecture for internal smart contract … and related topics. What we look for in you (ie. job requirements): Strong understanding of blockchains (particularly EVM chains) and highly "crypto forward". Extensive experience in architecture and threat modeling of security-critical backend crypto systems. Familiar with the threat model of a crypto custodian, including common vulnerabilities and pitfalls for systems that custody cryptocurrency. Familiar with More ❯

and domain expert within the organization and be able to communicate security risk and concepts to both technical and non-technical audiences. Lead initiatives with Engineering teams to optimize threat models and mitigate risks. Encourage a positive security culture across the Engineering organization. Relentlessly champion for security outcomes on behalf of our customers. Work with other engineering leaders to … embed security into day-to-day development processes. Help proactively assess security risk through product deep dives, threat modeling, and design, architecture and implementation reviews Review and improve existing security processes related to product assessments, pen testing, and bug bounty findings. Develop product security controls and supervising strategies to grow our threat detection capabilities. Seek opportunities for security … tooling and automation WHAT YOU'LL BRING: 5+ years of proven experience securing enterprise applications and infrastructure, preferably in the Crypto and FinTech space. Experience with the application of threat modeling and other risk identification techniques. Strong understanding of the OWASP top 10, including details of common vulnerabilities and emerging threats. Experience with authentication and authorization standards, including OAuth More ❯

technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. Key job responsibilities - Creating, updating, and maintaining threat models for a wide variety of software projects. - Manual and Automated Secure Code Review, primarily in Java, Python and Javascript. - Development of security automation tools. - Adversarial security analysis using … our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve. BASIC QUALIFICATIONS - Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security - Experience applying threat modeling or other risk identification techniques or equivalent - Experience with More ❯

individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. … locations in the US and EMEA. The impact you will have: Full SDLC Support for new product features being developed in ENG and non-ENG teams. This would include Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc. Work with other security teams to provide support for Incident Response and Vulnerability Response as and when needed. Work with … implement security processes to improve the overall productivity of the product security organization and the SDLC process in general What we look for: 5-10 years Experience with the Threat Modeling process and ability to find design problems based on a block diagram of data flow. Solid understanding on at least two of the following domains - Web Security, Cloud More ❯

role requires deep expertise in SIEM platforms, including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties SIEM Engineering & Management Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender … Chronicle). Onboard and normalize log sources across cloud and on-prem environments. Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. Skills Must be able to obtain SC Clearance or already hold SC clearance. SIEM Expertise: Hands-on experience with at least two of the following: Splunk IBM QRadar Microsoft Defender for Endpoint Microsoft More ❯

on secure-by-design and deep product partnership. We build strong relationships with other teams and help them build secure software. This includes reviewing early-stage designs, helping develop threat models. The Role Our products support some of the most important and impactful work in the world, including defense, intelligence, and commercial applications. We are trusted by our customers … InfoSec organization to harden our products against our dedicated adversaries. • Architecture and design . You will be the security subject matter expert for product architects and engineers. You will threat model, assess risks, and help implement security controls and mitigations to address identified issues. You will directly steer the design of our products to ensure we are secure-by … security engineer are the underpinnings of our team. Core Responsibilities Perform deep architecture and security reviews on highly complex products to identify vulnerabilities Lead engineering teams in feature design, threat modeling, and security-critical code and architecture Develop and implement automation to eliminate entire classes of weaknesses across the organization Drive decision-making by determining the tradeoffs between security More ❯

SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and third-party library management. Risk Assessments: Conduct risk assessments, threat modeling, and architecture reviews alongside development teams, producing artifacts to drive the implementation of effective security controls. Standards Development: Own the creation and maintenance of tailored security standards and … mitigation strategies. Key Requirements: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Familiarity with Agile methodologies like SCRUM, along with More ❯

SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and third-party library management. Risk Assessments: Conduct risk assessments, threat modeling, and architecture reviews alongside development teams, producing artifacts to drive the implementation of effective security controls. Standards Development: Own the creation and maintenance of tailored security standards and … strategies. Key Requirements: Essential: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Proficiency in programming languages such as Python, Java More ❯

engagements. Collaborate with AEs and strategic partners to shape deals , deliver joint presentations and support co-sell activity. Translate customer challenges into real platform value - covering GRC, risk, and threat perspectives. Run tailored demos (and supporting content) that show how CyberHQ quantifies risk, simulates threat paths, and automates compliance. Collaborate with AEs to build compelling business cases and … role in cybersecurity, risk, or GRC. Familiarity with frameworks like ISO 27001, NIST CSF, HIPAA, SOC 2, FedRAMP, CMMC, GDPR, etc. Working knowledge of risk quantification methods (e.g., FAIR), threat modeling (e.g., using MITRE), or simulation tools. Able to build trust with CISOs, security architects, and GRC leads. Confident presenting complex concepts clearly - both live and in writing. Comfortable More ❯

and discipline around cloud computing is critical, as is a high level of ownership and accountability. Key job responsibilities Your work will include: Application security reviews Secure architecture design Threat modeling Projects and research work as needed Security training and outreach to internal development teams Security guidance documentation Security metrics delivery and improvements Assistance with recruiting activities About the … similar object oriented language Extensive hands on experience in application security or similar role PREFERRED QUALIFICATIONS Experience with AWS products and services Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security Experience with programming languages such as Python, Java, C++ Amazon is an equal opportunities More ❯