Security Architecture & Threat Modelling Engineer

Security Architecture & Threat Modelling Engineer

Job Description

[Please reach out to Joe Pocock for Comp Package & Flexible Working Information]

Role Overview

Are you a specialist offensive security engineer with a passion for analysing and reporting on vulnerabilities you discover? Perhaps your technical acumen has led you towards a highly consultative role, and you’re thriving? Our client, a world-class quantitative trading firm, is hiring a technically fluent Cybersecurity Engineer to bridge offensive insight with architectural security strategy. This role is perfect for someone who still thinks like an attacker but now prefers consulting with developers, assessing risk at scale, and shaping secure design - rather than executing hands-on code exploits. If you’ve uncovered vulnerabilities, authored CVEs, or contributed to responsible disclosure - and enjoy guiding others to build more secure systems - this could be your next challenge...

Key Responsibilities

• Partner with engineering and infrastructure teams to identify gaps in software, systems, and architecture from a threat modelling perspective
• Analyse technical designs and workflows to surface vulnerabilities and propose improvements that align with business priorities
• Build structured documentation outlining risks, decision paths, and recommendations - serving as a trusted voice to highly technical teams
• Act as a security advisor during product and infrastructure development cycles, embedding secure design principles early
• Translate complex vulnerabilities into understandable business risk, balancing usability with secure outcomes
• Contribute to internal security education, shaping a culture of threat awareness across technical and non-technical audiences
• Liaise with red teams, software developers, and senior stakeholders to ensure remediation strategies are achievable and prioritised
• Represent cybersecurity thinking internally through documentation and potentially externally through written research or public speaking

What You Bring...

• 5-10 years of cybersecurity experience with a strong background in offensive security, red teaming, penetration testing, or vulnerability research
• Experience uncovering vulnerabilities, contributing to CVEs, or engaging in responsible disclosure programmes
• Confidence analysing codebases, workflows, and system diagrams to spot potential weaknesses - even without deploying exploits
• Programming experience or proficiency in at least one language (e.g. Python, Go, Rust, C)
• Excellent communication skills and comfort speaking with (software) developers, architects, and engineers to advise and challenge constructively
• Prior experience in a consulting-style role or hybrid security position, ideally post-red team or threat hunting career path
• Familiarity with Linux systems, comfortable scripting, and strong command line skills
• A mindset focused on clarity, documentation, and translating findings into scalable solutions rather than tactical hacks
• Interest in speaking at conferences, writing about security research, or otherwise contributing to the broader cybersecurity community

...

Apply for this role

All fields marked with * are required.