Security Architect Threat Modelling

Job Description

Title: Security Architect Threat Modelling
London/Norwich - 3 days a week

Threat Modelling

7 to 12 years of experience in Security Testing.

2 to 5 years of experience in Threat Modelling and Security Risk Assessment

Mandatory Skills: Threat Modelling

·        Enterprise Reference Architecture: define threat modelling reference patterns for common architectures (microservices, APIs, event-driven, cloud).

·        Threat-Informed Integration: integrate ATT&CK-informed scenarios and control validation into design-time practices.

·        Align threat modelling with broader security architecture (Zero Trust, IAM, monitoring).

·        Aware of common methodologies such as Dread and Stride, PASTA etc

·        Set up Threat Modelling Process,

·        On-board Client Applications for Threat Modelling,

·        Execute Threat Modelling, (Identify Threat vectors using automated / manual methods, create the threat model and publish to stake holders)

·        Explain the Results with the end client developers, Remediation Support, Remediation Co-ordination

·        Cloud Security Knowledge is a good to have

·        Very good knowledge on OWASP security standards. Deep understanding of common security vulnerabilities.

·        Very good presentation skill. Strong communication and good customer handling skill.

·        Should be capable of understanding customer requirement for security testing.

·        Capable of providing security solutions to the customer for complex security testing/risk requirement.

·        Automation Strategy: define tool integrations (repo, CI gates, KB/RAG) and quality controls for scaling.

Key Deliverables:

Enterprise threat modelling framework, reference architectures, and multi-quarter roadmap.

Control validation and assurance framework with KPIs/KRIs.

Executive briefings and decision memos."