technical audiences alike. Interpersonally, successful candidates will effectively harmonize disparate opinions while effectively prioritizing risks to guide their partners towards secure solutions. Key job responsibilities - Creating, updating, and maintaining threat models for a wide variety of software projects. - Manual and Automated Secure Code Review, primarily in Java, Python and Javascript. - Development of security automation tools. - Adversarial security analysis using … our working culture. When we feel supported in the workplace and at home, there's nothing we can't achieve. BASIC QUALIFICATIONS - Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security - Experience applying threat modeling or other risk identification techniques or equivalent - Experience with More ❯
individual contributor on the product security team at Databricks, managing SDLC functions for features and products within Databricks. This would include, but is not limited to, security design reviews, threat models, manual code reviews, exploit writing and exploit chain creation. You will also support IR and VRP programs when there is a vulnerability report or a product security incident. … locations in the US and EMEA. The impact you will have: Full SDLC Support for new product features being developed in ENG and non-ENG teams. This would include Threat Modeling, Design Review, Manual Code Review, Exploit writing, etc. Work with other security teams to provide support for Incident Response and Vulnerability Response as and when needed. Work with … implement security processes to improve the overall productivity of the product security organization and the SDLC process in general What we look for: 5-10 years Experience with the Threat Modeling process and ability to find design problems based on a block diagram of data flow. Solid understanding on at least two of the following domains - Web Security, Cloud More ❯
Birmingham, West Midlands, West Midlands (County), United Kingdom
ARM
role requires deep expertise in SIEM platforms, including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties SIEM Engineering & Management Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender … Chronicle). Onboard and normalize log sources across cloud and on-prem environments. Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. Skills Must be able to obtain SC Clearance or already hold SC clearance. SIEM Expertise: Hands-on experience with at least two of the following: Splunk IBM QRadar Microsoft Defender for Endpoint Microsoft More ❯
on secure-by-design and deep product partnership. We build strong relationships with other teams and help them build secure software. This includes reviewing early-stage designs, helping develop threat models. The Role Our products support some of the most important and impactful work in the world, including defense, intelligence, and commercial applications. We are trusted by our customers … InfoSec organization to harden our products against our dedicated adversaries. • Architecture and design . You will be the security subject matter expert for product architects and engineers. You will threat model, assess risks, and help implement security controls and mitigations to address identified issues. You will directly steer the design of our products to ensure we are secure-by … security engineer are the underpinnings of our team. Core Responsibilities Perform deep architecture and security reviews on highly complex products to identify vulnerabilities Lead engineering teams in feature design, threat modeling, and security-critical code and architecture Develop and implement automation to eliminate entire classes of weaknesses across the organization Drive decision-making by determining the tradeoffs between security More ❯
SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and third-party library management. Risk Assessments: Conduct risk assessments, threat modeling, and architecture reviews alongside development teams, producing artifacts to drive the implementation of effective security controls. Standards Development: Own the creation and maintenance of tailored security standards and … mitigation strategies. Key Requirements: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Familiarity with Agile methodologies like SCRUM, along with More ❯
SDLC) that enables development teams to deliver high-quality applications quickly while implementing essential controls for software integrity, authenticity, and third-party library management. Risk Assessments: Conduct risk assessments, threat modeling, and architecture reviews alongside development teams, producing artifacts to drive the implementation of effective security controls. Standards Development: Own the creation and maintenance of tailored security standards and … strategies. Key Requirements: Essential: 5+ years of experience in application security, with at least 3+ years in software development. Strong understanding of application security concepts, including secure coding practices, threat modeling, vulnerability management, and access control mechanisms. Experience with AWS, Kubernetes, Service Mesh, and API Security (including authentication and authorization). Proficiency in programming languages such as Python, Java More ❯
engagements. Collaborate with AEs and strategic partners to shape deals , deliver joint presentations and support co-sell activity. Translate customer challenges into real platform value - covering GRC, risk, and threat perspectives. Run tailored demos (and supporting content) that show how CyberHQ quantifies risk, simulates threat paths, and automates compliance. Collaborate with AEs to build compelling business cases and … role in cybersecurity, risk, or GRC. Familiarity with frameworks like ISO 27001, NIST CSF, HIPAA, SOC 2, FedRAMP, CMMC, GDPR, etc. Working knowledge of risk quantification methods (e.g., FAIR), threat modeling (e.g., using MITRE), or simulation tools. Able to build trust with CISOs, security architects, and GRC leads. Confident presenting complex concepts clearly - both live and in writing. Comfortable More ❯
and discipline around cloud computing is critical, as is a high level of ownership and accountability. Key job responsibilities Your work will include: Application security reviews Secure architecture design Threat modeling Projects and research work as needed Security training and outreach to internal development teams Security guidance documentation Security metrics delivery and improvements Assistance with recruiting activities About the … similar object oriented language Extensive hands on experience in application security or similar role PREFERRED QUALIFICATIONS Experience with AWS products and services Experience with any combination of the following: threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration and network security Experience with programming languages such as Python, Java, C++ Amazon is an equal opportunities More ❯
and support in certification journey; Support our sales with your technical expertise; You will work on gap assessments or risk assessments based on IEC62443, IT/OT site assessments, Threat Modeling, NIS compliance checks and Security Maturity Assessments . All these services are designed to support our customers to identify risks and improve their security resilience, no matter their … networks and industrial devices like PLCs, DCS, Safety systems, and SCADA; Experience with industrial communication protocols , like Modbus, IEC104, and vendor-specific protocols; Experience with conducting risk assessments and threat modelings ; Strong ability to communicate technical concepts and assessment results verbally and in written reports in simple terms; Knowledge of IEC 62443, MITRE ATT&CK for ICS, NIST CSF More ❯
ensure our services, applications, and websites are designed and implemented with the highest security standards. Responsibilities include web application, network, and operational penetration testing, automating repetitive tasks, and creating threat mitigation plans. You will work directly with internal teams to solve challenging software problems. You should be able to produce results amidst ambiguity and limited knowledge, foster constructive dialogue … Contribute to the design, implementation, and execution of security review and testing methodologies for critical production services, ensuring risks are remediated in collaboration with service teams. Perform design reviews, threat modeling, security reviews, penetration testing, and red teaming on production systems. Scope and conduct penetration testing and vulnerability research on complex proprietary software and hardware. Collaborate with Amazon Security More ❯
