26 to 50 of 311 Threat Modelling Jobs in the UK

data pipelines. * Participate in enterprise-wide architecture initiatives for AI/ML. Understand the workflow and pipeline architectures of ML and deep learning workloads. * Conduct security risk assessments and threat modelling for AI/ML and other business projects performed thorough design reviews and security assessments of architectures and designs, identifying vulnerabilities, threats, and risks, and providing recommendations … common security vulnerabilities and threats specific to AI/ML, including adversarial attacks, prompt injection, data poisoning and the MITRE ATLAS framework. * Hands on experience using security assessment and threat modelling tools and techniques to evaluate AI/ML systems and identify potential security weaknesses. * Familiarity with current and emerging regulations and standards, such as the EU AI More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ) Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

architectures for cloud-native apps across AWS, Azure, or GCP Integrate security into CI/CD pipelines and IaC tools Apply advanced container security and runtime protection strategies Lead threat modeling, risk assessment, and identity governance in the cloud Develop reusable security patterns aligned with CIS, NIST, ISO 27001 standards Successful Candidate Will Need: Hands-on CNAPP experience (CSPM More ❯

and proactive risk reduction initiatives Advocate for secure development practices - from CI/CD pipelines to containerised workloads - ensuring that friction is addressed with empathy and practical value Apply threat modelling frameworks to uncover vulnerabilities and recommend architecture-level mitigation strategies Work directly with developers and infrastructure teams to align real-world engineering goals with enterprise security objectives … systems within cloud-native environments (AWS or Azure) Comfortable developing IaC (Terraform or similar), automating security controls, and contributing to secure infrastructure practices Strong understanding of modern security principles, threat actor behaviour, and risk frameworks (NIST preferred) Skilled in collaborating with developers to find practical, low-friction ways to implement secure patterns Confident communicator across technical and non-technical … teams, with the ability to influence architecture-level decisions Deep familiarity with secure development tooling, infrastructure design, and threat modelling practices Background in highly regulated environments such as financial services, insurance, or pensions (Preferred) Degree in a related field and/or certifications such as CISSP, CISM, or equivalent (Preferred) Experience contributing to architectural governance, documentation, and change More ❯

and proactive risk reduction initiatives Advocate for secure development practices - from CI/CD pipelines to containerised workloads - ensuring that friction is addressed with empathy and practical value Apply threat modelling frameworks to uncover vulnerabilities and recommend architecture-level mitigation strategies Work directly with developers and infrastructure teams to align real-world engineering goals with enterprise security objectives … systems within cloud-native environments (AWS or Azure) Comfortable developing IaC (Terraform or similar), automating security controls, and contributing to secure infrastructure practices Strong understanding of modern security principles, threat actor behaviour, and risk frameworks (NIST preferred) Skilled in collaborating with developers to find practical, low-friction ways to implement secure patterns Confident communicator across technical and non-technical … teams, with the ability to influence architecture-level decisions Deep familiarity with secure development tooling, infrastructure design, and threat modelling practices Background in highly regulated environments such as financial services, insurance, or pensions (Preferred) Degree in a related field and/or certifications such as CISSP, CISM, or equivalent (Preferred) Experience contributing to architectural governance, documentation, and change More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

technology capabilities into business products and services, with a focus on ensuring the security of gas operations Define and document security architecture blueprints for new systems and applications, including threat modelling and risk assessments Establish security standards, best practices, and design patterns to support cloud, physical and operational technologies Collaborate with development teams to integrate security controls into … application design Lead security architecture reviews and provide expert technical guidance on complex security challenges Keep up-to date with the latest security threat assessment frameworks such as OWASP, MITRE ATT&CK Assess security posture against industry regulations and compliance requirements Identify and mitigate security risks associated with new technologies and initiatives Perform security assessments to identify vulnerabilities Communicate More ❯

this is inside I35. Key Responsibilities: Lead security design and architecture across applications and projects. Ensure alignment of security solutions with business needs and regulatory standards. Conduct risk assessments, threat modelling, and vulnerability testing. Communicate risks and mitigation strategies to senior stakeholders. Work with DevOps teams on secure development pipelines. What We’re Looking For: 5+ years’ experience More ❯

this is inside I35. Key Responsibilities: Lead security design and architecture across applications and projects. Ensure alignment of security solutions with business needs and regulatory standards. Conduct risk assessments, threat modelling, and vulnerability testing. Communicate risks and mitigation strategies to senior stakeholders. Work with DevOps teams on secure development pipelines. What We’re Looking For: 5+ years’ experience More ❯

is essential. Experience working with security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency check, OWASP Top10 testing, application threat modelling. In-depth experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. … Secure by Design, Architecture, Software Development, Engineering, DevOps, InfoSec, Security, Security Strategy, Best Practice, Programming, Code, C++, C#, C, .NET Core, Java, JavaScript, Node.js, Angular, React, OWASP, Agile, Application Threat Modelling, Security Policy, Security Controls, ISO 27001, NIST, GDPR, Cloud, Azure. Please note that due to a high level of applications, we can only respond to applicants whose More ❯

under the CHECK scheme (e.g., as a CHECK Team Member/Leader). Knowledge of UK public sector security and data protection standards (e.g., NCSC, Cyber Essentials Plus). Threat modelling and secure design practices. Cyber Security Engineer - London (Hybrid) - £700 per day inside IR35 - 4 months+ Damia Group Limited acts as an employment agency for permanent recruitment More ❯

with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage confidently with both engineers and More ❯

and security roadmap. Manage information security projects and initiatives across IT and business units. Collaborate with senior leadership to align security goals with business objectives. Lead risk assessments and threat modelling exercises for internal systems and third-party services. Manage the deployment and maintenance of security solutions (SIEM, firewalls, endpoint protection, DLP, etc.). Oversee the organization's More ❯

applications. Deploy and Manage Security Tooling: Select, implement, and operate key tools across GCP , such as Cloud Armor , Cloud Identity , Security Command Center , and VPC Service Controls for ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development lifecycle. Threat Modeling and Risk … Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on cloud and application security fundamentals. Mentor and Lead: Act as a mentor to future hires, helping scale a high-impact cloud security function as the business grows. What you'll bring … with core cloud security components including IAM , WAFs , SIEM , CSPM , and vulnerability scanners. Technical Skills: Proficiency in at least one scripting or programming language (e.g. Python, Go, Bash). Threat Modeling: Practical knowledge of frameworks like STRIDE and PASTA. Education: Bachelor's degree in Computer Science, Information Security, or a related technical field. Collaborative Expertise: Clear and effective communication More ❯

network security, cryptography, firewalls, VPNs, and security protocols ️ Familiarity with cloud security solutions (AWS, Azure, GCP) and security technologies (IDS/IPS, SIEM, DLP) ️ Strong experience with risk management, threat modeling, and security architecture frameworks ️ Certifications such as CISSP, CISM, TOGAF, or equivalent are highly preferred More ❯

Develop and implement a comprehensive security architecture strategy tailored to the unique risks and operational needs of the semiconductor design, manufacturing and high-tech partner ecosystem. Define reference architectures, threat models, and security design patterns across hybrid, cloud-native, and on-premise environments. Mentor a technically excellent team, with a solid focus on domain-specific expertise (cloud, semiconductors, AI … with industry standards (NIST, MITRE ATT&CK) and semiconductor-specific regulatory requirements including export control and SoX compliance. Drive innovation by utilising AI and machine learning technologies to enhance threat detection, incident response, and overall cyber defense posture. Partner with senior leadership to communicate security architecture roadmaps, risk mitigation strategies, and compliance postures. Champion a culture of continuous improvement More ❯

with Legal, Data Privacy and Compliance to stay up to date on global regulations. Develop and implement security frameworks for AI models, algorithms, and datasets. Conduct risk assessments and threat modeling for AI systems to mitigate potential vulnerabilities. Design and enforce policies for secure AI development, deployment, and maintenance. Lead research and innovation in adversarial attack detection and AI … AI security . Deep understanding of machine learning, neural networks, and adversarial attacks . Proficiency in cryptographic techniques and secure AI model development . Strong experience with penetration testing, threat intelligence, and security auditing . Familiarity with frameworks such as NIST AI Risk Management and Secure AI development guidelines. Excellent problem-solving skills and ability to work in high More ❯

implement effective security solutions that not only protect our business objectives and regulatory requirements but also provide innovative solutions to stay ahead of emerging threats. Conduct risk assessments and threat modeling to identify and prioritize risks to our business and IT assets, using your extensive experience in security architecture design. Implementation within a Service Provider environment to create a More ❯