Overview
7 to 12 years of experience in Security Testing. 2 to 5 years of experience in Threat Modelling and Security Risk Assessment.
Responsibilities
- Enterprise Reference Architecture: define threat modelling reference patterns for common architectures (microservices, APIs, event-driven, cloud).
- Threat-Informed Integration: integrate ATT&CK-informed scenarios and control validation into design-time practices.
- Align threat modelling with broader security architecture (Zero Trust, IAM, monitoring).
- Awareness of common methodologies such as DREAD, STRIDE and PASTA.
- Set up Threat Modelling Process.
- On-board Client Applications for Threat Modelling.
- Execute Threat Modelling, identify threat vectors using automated/manual methods, create the threat model and publish to stakeholders.
- Explain the results to the end client's developers; provide remediation support and remediation coordination.
- Cloud Security knowledge is a plus.
- Very good knowledge of OWASP security standards. Deep understanding of common security vulnerabilities.
- Very good presentation skills, strong communication and good customer handling skills.
- Should be capable of understanding customer requirements for security testing.
- Capable of providing security solutions to the customer for complex security testing/risk requirements.
- Automation Strategy: define tool integrations (repo, CI gates, KB/RAG) and quality controls for scaling.
- Enterprise threat modelling framework, reference architectures, and multi-quarter roadmap.
- Control validation and assurance framework with KPIs/KRIs.
- Executive briefings and decision memos.
