76 to 100 of 302 Threat Modelling Jobs in the UK

first security operations function. This is a high-impact, hands-on leadership role with end-to-end responsibility for managing the Security Operations Centre (SOC), incident detection and response, threat intelligence, and cloud-native security engineering-with a strong focus on Google Cloud Platform (GCP). Operating in a highly regulated, Real Time financial services environment, this role requires … deep technical knowledge, operational maturity, and experience applying security best practices across a fast-moving cloud infrastructure. What You'll Do SOC Leadership & Threat Detection Lead and mentor a team of SOC analysts and engineers, ensuring high-quality coverage across all GCP workloads. Establish and maintain 24/7 detection and response capabilities, fine-tuning alerting rules and monitoring … strategies. Deploy and maintain detection rules using Chronicle SIEM, YARA, Sigma, and GCP-native logging tools. Define and maintain runbooks, incident playbooks, and escalation procedures. Incident Response & Threat Intelligence Own the full life cycle of security incidents from detection to remediation and post-incident review. Perform advanced threat hunting and root cause analysis across cloud workloads, Kubernetes clusters More ❯

first security operations function. This is a high-impact, hands-on leadership role with end-to-end responsibility for managing the Security Operations Centre (SOC), incident detection and response, threat intelligence, and cloud-native security engineering-with a strong focus on Google Cloud Platform (GCP). Operating in a highly regulated, Real Time financial services environment, this role requires … deep technical knowledge, operational maturity, and experience applying security best practices across a fast-moving cloud infrastructure. What You'll Do SOC Leadership & Threat Detection Lead and mentor a team of SOC analysts and engineers, ensuring high-quality coverage across all GCP workloads. Establish and maintain 24/7 detection and response capabilities, fine-tuning alerting rules and monitoring … strategies. Deploy and maintain detection rules using Chronicle SIEM, YARA, Sigma, and GCP-native logging tools. Define and maintain runbooks, incident playbooks, and escalation procedures. Incident Response & Threat Intelligence Own the full life cycle of security incidents from detection to remediation and post-incident review. Perform advanced threat hunting and root cause analysis across cloud workloads, Kubernetes clusters More ❯

first security operations function. This is a high-impact, hands-on leadership role with end-to-end responsibility for managing the Security Operations Centre (SOC), incident detection and response, threat intelligence, and cloud-native security engineering-with a strong focus on Google Cloud Platform (GCP). Operating in a highly regulated, Real Time financial services environment, this role requires … deep technical knowledge, operational maturity, and experience applying security best practices across a fast-moving cloud infrastructure. What You'll Do SOC Leadership & Threat Detection Lead and mentor a team of SOC analysts and engineers, ensuring high-quality coverage across all GCP workloads. Establish and maintain 24/7 detection and response capabilities, fine-tuning alerting rules and monitoring … strategies. Deploy and maintain detection rules using Chronicle SIEM, YARA, Sigma, and GCP-native logging tools. Define and maintain runbooks, incident playbooks, and escalation procedures. Incident Response & Threat Intelligence Own the full life cycle of security incidents from detection to remediation and post-incident review. Perform advanced threat hunting and root cause analysis across cloud workloads, Kubernetes clusters More ❯

lifecycle (SDLC) and ensure products are built securely Oversee vulnerability management and remediation efforts, including leading responses to pen test findings and security assessments Experience conducting risk assessments and threat modelling for software development and advise where necessary Experience in software security design review Strong knowledge of Agile, DevSecOps, System Engineer and or equivalent Knowledge of security standards More ❯

e.g., XSS, SSRF, CSRF, CORS, SQL Injection, broken authentication/authorization, encryption flaws). Provide expert guidance on secure coding practices, common vulnerability classes (e.g., OWASP Top 10), and threat modeling for modern web applications. Conduct security reviews of design and architecture documents; lead threat modeling exercises using frameworks such as STRIDE, PASTA, MITRE ATT&CK, and DREAD. … Build and refine detection and response capabilities using logs, alerts, and behavioral signals. Lead or support incident response activities, including log analysis, querying, forensic investigation, threat mitigation, and root cause analysis. Conduct internal security reviews, network scans, and targeted penetration tests of applications and infrastructure using common security tooling (e.g., Burp Suite, ZAP, Amass, Nmap). Assess and mitigate … Django, Node.js , React). Expert-level scripting and automation skills (e.g., Python, Bash, PowerShell) for workflow automation, tooling, and log analysis. Proficient in log analysis, SIEM usage/configuration, threat hunting, and querying tools to support detection and response. Familiarity with static and dynamic analysis techniques and vulnerability mitigation. Strong understanding of modern cloud platforms-especially AWS-and cloud More ❯

applications/projects from inception through delivery. Ensure security controls are effectively embedded throughout the SDLC. Maintain up-to-date InfoSec policies and technical security standards. Conduct vulnerability assessments, threat modelling, and architecture reviews. What You’ll Bring Strong ability to translate technical risk into clear, actionable business terms. Hands-on experience with secure DevOps pipelines and development … development in .NET, Java, Python, PowerShell, or Bash. Knowledge of tools like SIEM, SOAR, IDS, WAF, vulnerability management platforms. Experience with UI, API, microservices security patterns and cryptographic principles. Threat modelling and dynamic security testing skills. Background in business analysis or requirements engineering. More ❯

applications/projects from inception through delivery. Ensure security controls are effectively embedded throughout the SDLC. Maintain up-to-date InfoSec policies and technical security standards. Conduct vulnerability assessments, threat modelling, and architecture reviews. What You’ll Bring Strong ability to translate technical risk into clear, actionable business terms. Hands-on experience with secure DevOps pipelines and development … development in .NET, Java, Python, PowerShell, or Bash. Knowledge of tools like SIEM, SOAR, IDS, WAF, vulnerability management platforms. Experience with UI, API, microservices security patterns and cryptographic principles. Threat modelling and dynamic security testing skills. Background in business analysis or requirements engineering. More ❯

data pipelines. * Participate in enterprise-wide architecture initiatives for AI/ML. Understand the workflow and pipeline architectures of ML and deep learning workloads. * Conduct security risk assessments and threat modelling for AI/ML and other business projects performed thorough design reviews and security assessments of architectures and designs, identifying vulnerabilities, threats, and risks, and providing recommendations … common security vulnerabilities and threats specific to AI/ML, including adversarial attacks, prompt injection, data poisoning and the MITRE ATLAS framework. * Hands on experience using security assessment and threat modelling tools and techniques to evaluate AI/ML systems and identify potential security weaknesses. * Familiarity with current and emerging regulations and standards, such as the EU AI More ❯

data pipelines. * Participate in enterprise-wide architecture initiatives for AI/ML. Understand the workflow and pipeline architectures of ML and deep learning workloads. * Conduct security risk assessments and threat modelling for AI/ML and other business projects performed thorough design reviews and security assessments of architectures and designs, identifying vulnerabilities, threats, and risks, and providing recommendations … common security vulnerabilities and threats specific to AI/ML, including adversarial attacks, prompt injection, data poisoning and the MITRE ATLAS framework. * Hands on experience using security assessment and threat modelling tools and techniques to evaluate AI/ML systems and identify potential security weaknesses. * Familiarity with current and emerging regulations and standards, such as the EU AI More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

pipelines. Familiarity with cloud security (AWS, Azure, GCP) and container security (Docker, Kubernetes). Knowledge of OWASP Top 10, CWE, CVSS, MITRE ATT&CK and NIST frameworks. Experience conducting threat modelling, code reviews and penetration testing. Excellent communication skills with the ability to influence and educate development teams. Security certifications such as CISSP, OSCP, GWAPT, CEH or CSSLP More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ) Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

should have at least 3 years of experience in system, network or application security. You should also have a proven experience and knowledge with any combination of the following: Threat modelling and risk assessments, Working knowledge of secure coding principles (OWASP and OWASP mobile, SANS ), Experience with designing and administering identity management (authentication and authorisation including policy enforcement More ❯

architectures for cloud-native apps across AWS, Azure, or GCP Integrate security into CI/CD pipelines and IaC tools Apply advanced container security and runtime protection strategies Lead threat modeling, risk assessment, and identity governance in the cloud Develop reusable security patterns aligned with CIS, NIST, ISO 27001 standards Successful Candidate Will Need: Hands-on CNAPP experience (CSPM More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT More ❯

technology capabilities into business products and services, with a focus on ensuring the security of gas operations Define and document security architecture blueprints for new systems and applications, including threat modelling and risk assessments Establish security standards, best practices, and design patterns to support cloud, physical and operational technologies Collaborate with development teams to integrate security controls into … application design Lead security architecture reviews and provide expert technical guidance on complex security challenges Keep up-to date with the latest security threat assessment frameworks such as OWASP, MITRE ATT&CK Assess security posture against industry regulations and compliance requirements Identify and mitigate security risks associated with new technologies and initiatives Perform security assessments to identify vulnerabilities Communicate More ❯

this is inside I35. Key Responsibilities: Lead security design and architecture across applications and projects. Ensure alignment of security solutions with business needs and regulatory standards. Conduct risk assessments, threat modelling, and vulnerability testing. Communicate risks and mitigation strategies to senior stakeholders. Work with DevOps teams on secure development pipelines. What We’re Looking For: 5+ years’ experience More ❯

this is inside I35. Key Responsibilities: Lead security design and architecture across applications and projects. Ensure alignment of security solutions with business needs and regulatory standards. Conduct risk assessments, threat modelling, and vulnerability testing. Communicate risks and mitigation strategies to senior stakeholders. Work with DevOps teams on secure development pipelines. What We’re Looking For: 5+ years’ experience More ❯

is essential. Experience working with security issues in software architecture, software development, e.g. static and/or dynamic code analysis and tools, software dependency check, OWASP Top10 testing, application threat modelling. In-depth experience working in an Agile software development environment, with classic applications as well as microservices, using modern code processing and continuous integration and delivery tools (e.g. … Secure by Design, Architecture, Software Development, Engineering, DevOps, InfoSec, Security, Security Strategy, Best Practice, Programming, Code, C++, C#, C, .NET Core, Java, JavaScript, Node.js, Angular, React, OWASP, Agile, Application Threat Modelling, Security Policy, Security Controls, ISO 27001, NIST, GDPR, Cloud, Azure. Please note that due to a high level of applications, we can only respond to applicants whose More ❯

under the CHECK scheme (e.g., as a CHECK Team Member/Leader). Knowledge of UK public sector security and data protection standards (e.g., NCSC, Cyber Essentials Plus). Threat modelling and secure design practices. Cyber Security Engineer - London (Hybrid) - £700 per day inside IR35 - 4 months+ Damia Group Limited acts as an employment agency for permanent recruitment More ❯

with scripting languages like PowerShell, YAML, JSON Expertise in application security tools and DevSecOps processes Understanding of key frameworks and standards (e.g. OWASP, NIST SSDF, ISO27001, NCSC) Experience with threat modelling, risk assessments, and secure design reviews Comfortable owning security strategy and tooling across complex, modern product landscapes Strong communicator - able to engage confidently with both engineers and More ❯

and security roadmap. Manage information security projects and initiatives across IT and business units. Collaborate with senior leadership to align security goals with business objectives. Lead risk assessments and threat modelling exercises for internal systems and third-party services. Manage the deployment and maintenance of security solutions (SIEM, firewalls, endpoint protection, DLP, etc.). Oversee the organization's More ❯