inherently secure. - Ideally you will have worked across the system lifecycle, undertaking the security risk management activities required to support each phase, from initial threat and risks assessments and specification of security requirements, through to overseeing implementation and testing of socio-technical security architectures. You will also have experience … assurance workstreams for projects delivering secure systems and services within a government context. Undertaking and producing socio-technical security risk assessments, ideally including technical threatmodelling (e.g. using STRIDE). Development and implementation of risk management strategies and plans. Specification, development and technical assurance of security policies and … Knowledge and understanding of core cyber security risk management areas, including but not limited to: Security governance and risk management approaches, tools, and techniques. Threatmodelling (e.g. STRIDE) and socio-technical risk assessment (e.g. NIST 800-30) methodologies. Attack classification and characterisation frameworks (e.g. MITRE ATT&CK) Computer more »
security procedures and standards to be reviewed and approved by executive management and/or formally authorised by the chief information security officer (CISO) Threatmodelling of services and applications that tie to the risk and data associated with the service or application Key Qualifications: Vast experience in … leading/mentoring teams in “secure by design” including a strong working knowledge of the methodologies to conduct threat-modeling exercises on new applications and services, identity management, as well as securing CI/CD pipelines. Direct, hands-on experience or a solid working knowledge of relevant security patterns more »
controls and NIST Guidelines Experience in implementing security automation using Scripting languages eg Python and infrastructure-as-code (IaC) tools Ability to perform security threatmodelling and risk assessments to identify and prioritize security risks Experience with security incident response and handling, including log analysis and forensics Outstanding more »
Chichester, West Sussex, South East, United Kingdom
Natures Way Foods
IT Security Engineer role. preferably manufacturing but not essential. Key Responsibilities Responsible for educating the workforce on information security through training and building awareness. Threatmodelling, mitigation, validation, including software and hardware penetration testing. Work with all functions of the IT department to design security into the system … and drive security reviews. Develop tools to assist in modelling, analysis, detection, and prevention of security threats. Secure the system while ensuring ease of use for the user and network operations. Stay current on industry developments affecting security and privacy policy. Implement security measures, plans and polices to resolve more »
Farnborough, Hampshire, South East, United Kingdom
Searchability NS&D Ltd
NEW CONTRACT OPPORTUNITY AVAILABLE FOR A MODELLING AND SIMULATION ENGINEER IN FARNBOROUGH Searchability NS&D has a contract opportunity for an Modelling and Simulation Engineer with a weapons background to work across an exciting range of projects Must have active SC Clearance or be eligible to attain SC … Clearance Competitive market rate - Inside IR35 For more details please call me on 07842 002 256 or email WHAT WILL THE MODELLING AND SIMULATION ENGINEER BE DOING? The role will be to undertake M&S tasks in order to provide expertise in developing Threat Models. You will develop … fit-for-purpose threat data & models in support of the programme through to Integrated Test, Evaluation and Acceptance activities. SKILLS & EXPERIENCE REQUIRED: Weapons Background Parametric/Analytical modelling Defence related systems engineering Defence related systems analysis Experience and proven history of CAD related activity Demonstrable understanding of engineering more »
overseeing application security testing, prioritising the resolution of security vulnerabilities, and increasing automation Show experience identifying potential threats and attacks to applications systems through threatmodelling (PASTA and STRIDE) Demonstrate experience with threatmodelling theories and application architecture reviews Have experience of monitoring security systems for more »
Security Consultant with extensive experience in providing end-to-end security assurance for business projects. The ideal candidate will have a strong background in threat assessments, architectural design reviews, third-party risk assessments, RFP security requirements, network security, IDAM projects, ransomware remediation, pen test scoping, and HLD/LLD … reviews. Responsibilities: Perform threatmodelling to identify potential security vulnerabilities and risks. Assess high and low-level architectural designs to identify security risks and provide recommendations for mitigation. Provide security requirements for RFPs and score RFPs based on security criteria. Conduct assessments of third-party security posture to … role with a focus on end-to-end security assurance for business projects. Strong understanding of security principles, standards, and best practices. Experience with threatmodelling, architectural design reviews, RFP security requirements, third-party risk assessments, network security, IDAM projects, ransomware remediation, pen test scoping, and HLD/ more »
london, south east england, United Kingdom Hybrid / WFH Options
Hunter Bond
with various other Security personnel Mitigating Information and Cyber based risks Identifying potential threats and risks Assisting with resolution of incidents Incident response and threat hunting Working with threat management frameworks Threat intelligence and continuous improvement Security monitoring and traffic analysis Vulnerability management You will advise on … 7pm on a shift basis to ensure that full coverage is achieved. The ideal candidate will have: Incident response and security monitoring Understanding of threatmodelling Investigation experience into Information and Cyber security incidents Broad technical understanding covering Windows, Linux, Unix, Networking, Cisco, SIEM, IAM, DLP, LAN/ more »
risks. Act as a subject matter expert on security-related matters, collaborating with stakeholders to address security concerns and implement effective solutions. Participate in threat hunting and threatmodelling activities. To be considered for this role, you should have: Must have a strong background in a security more »
SSO and integrating other services with security tools. • Support the organization in achieving and maintaining Cyber Essentials Plus and ISO 27001 certification and conducting threat modeling activities. • Collaborate with external third-party suppliers to enhance cybersecurity capabilities, enabling 24x7 SOC capability. Skills and Experience We welcome applicants with diverse … or similar platforms. • Ideally, experience in securing data platforms (e.g., Databricks, Snowflake). • Experience in securing Kubernetes (ideally AKS) and container security. • Knowledge of ThreatModelling and relevant frameworks such as ISO 27001, Cyber Essentials Plus, and CIS. • Proficiency in scripting languages such as Python, PowerShell, and KQL. more »
london (city of london), south east england, United Kingdom
Barclay Simpson
required projects Manage security risk for the whole project life cycle Perform security activities, including but not limited to, security design reviews, risk assessments, threatmodelling, and vulnerability management and risk mitigation on internally & externally developed software Embedding security within DevOps (eg CI/CD pipelines), developing security more »
london, south east england, United Kingdom Hybrid / WFH Options
Maclean Moore
lakes, data warehouses, and data pipelines. Implement encryption, access controls, and auditing for Kafka topics and data streams & monitor anomalies in clusters. Produce Detailed Threat models after reviewing technical design documents. Design and implement authentication mechanisms (e.g., OAuth, JWT) for APIs and services. Key skills: Should have proven experience more »
ability to design and implement complex security solutions in line with company policies and standards. • Familiarity with various security techniques and methodologies, such as threat modeling and vulnerability management. • Proficiency in automation and scripting using Python, Shell, Ansible, Jenkins, etc. • Industry certifications in information security or information technology preferred more »
doing: Identify security vulnerabilities from a wide pool of technological solutions Perform risk analysis to triage and manage the remediation or mitigation activity Perform threat modeling activities across a variety of applications and environments Perform security assessments of existing architecture and make security recommendations for new deployments or changes more »
controls and NIST Guidelines Experience in implementing security automation using scripting languages e.g. Python and infrastructure-as-code (IaC) tools Ability to perform security threatmodelling and risk assessments to identify and prioritize security risks Experience with security incident response and handling, including log analysis and forensics Outstanding more »
london, south east england, United Kingdom Hybrid / WFH Options
InfoSec People Ltd
the Governance, Risk, and Compliance (GRC) team to inform on risk, compliance, and assurance matters related to the portfolio of change initiatives. Ensure that Threat Modeling is implemented for identified programs, projects, and engineering initiatives within the portfolio. Work closely with the Security Culture team to ensure alignment and more »
App security. Ability in software development or programming/scripting Experience in applied security research, cryptography, mathematics, or computer science Skills in application security threatmodelling, source code review, reverse engineering, fuzzing, and cloud service testing (AWS/Azure) Benefits: Life Assurance at 4x Basic Annual Salary; Pension more »
securely and efficiently. Perform thorough security assessments on GCP environments, utilizing GCP-specific security tools and technologies, to identify and address potential vulnerabilities. Conduct threat modeling and risk assessments for GCP deployments, designing effective security solutions tailored to GCP services. Collaborate with cross-functional teams to respond to GCP more »
london, south east england, United Kingdom Hybrid / WFH Options
Sterlings
Ideally this person would have Vulnerability management experience. System Admin background desired but not essential, this includes experience across Unix, Windows, Cisco, Networking, etc. ThreatModelling exposure flexible This is a permanent position that operates on a hybrid work setup of 2 days in the office, 3 days more »
and champion security within your current role, you're very likely to be successful. You will be training developers on writing secure code, perform threatmodelling and security testing of applications, run SAST, DAST, SCA and secret scanning tools, manage the bug bounty program and lead incident response more »
development of secure software, focus on embedded systems or complete solutions Have detailed experience in the security concept/design, thread analysis, risk/threatmodelling and mitigation strategies Have professional knowledge of software languages (C, Java, Java Card, Phyton, Ruest) Be familiar with "state of the art more »
from potential threats while effectively managing various stakeholders. You will also have a demonstrable background of enhancing Software Product Security (Secure Software Development), DevSecOps, threat modeling, secure coding practices, and vulnerability management. Key Responsibilities: Product Security: Lead the assessment and enhancement of security measures for all software products developed … Experience: Significant experience in cyber security leadership roles, particularly in product security within IoT or Operational Technology (OT) companies. Technical Expertise: Proficient in DevSecOps, threat modeling, secure coding practices, and vulnerability management. Leadership : Experience leading cross-cultural and geographically distributed teams. Regulatory Knowledge: Familiar with industry standards such as more »
reading, south east england, United Kingdom Hybrid / WFH Options
Oracle
of new TTPs (Tactics, Techniques & Procedures) of the attackers, mimic them in your technical security risk assessments and/or quickly react to new threat scenarios to provide continuous security assurance Collaborate with engineering teams to help them triage and fix security issues Mentor members of the team in …/exploit them, Real world mitigations that can be applied Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10, CVSS, MITRE CVE) Ability to threat model systems/applications/platforms to assess design and find flaws that can be exploited What We’ll Give You A team of more »
Epsom, Surrey, South East, United Kingdom Hybrid / WFH Options
Reed Technology
Skills & Qualifications: Proven experience in API development and integration technologies such as REST and SOAP. Extensive knowledge of secure coding principles, including OWASP and Threat Modelling. Excellent hands-on coding skills using ASP.NET, the .NET ecosystem, and tools like C#, Visual Studio, and dotnet CLI. A deep understanding of more »
Key Skills: Proven API Development experience In depth knowledge of API Integration Technologies, e.g. REST, SOAP Extensive exposure to secure coding principles e.g. OWASP, ThreatModelling High skills level in the ASP.NET and the .NET ecosystem and tools e.g. C#, Visual Studio, dotnet CLI Deep understanding of SOLID more »