Negotiable
Outside
Hybrid
England, UK
Summary: My Client is seeking a Cyber Threat Modeller & Penetration Tester for an initial contract opportunity starting ASAP. The role involves leading threat modeling processes, performing penetration testing, and enforcing secure SDLC practices. The position is hybrid/remote and has an IR35 status of outside IR35, with an initial contract length until the end of 2025.
Key Responsibilities:
- Lead the Threat Modelling process for new and existing products, identifying attack vectors, threat actors, and risk scenarios.
- Perform penetration testing (manual & automated) on applications, APIs, and infrastructure, prioritizing remediation with development teams.
- Define and enforce secure SDLC practices, supporting architecture and product design with security requirements.
- Partner with Delivery & Project Managers to plan and execute security sign-off gates (OWASP, NCA, 3rd party pentests).
- Support and maintain the Cybersecurity Go-Live Tracker, ensuring alignment between security tasks, releases, and backlog priorities.
- Document vulnerabilities, risks, and mitigations in Confluence, Jira, and security reports for stakeholders.
- Act as focal point for security assessments during release management, bug fixing cycles, and major product launches.
- Collaborate with external vendors (3rd party pentesters, compliance auditors) to coordinate IP whitelisting, credentials, and testing scope.
Key Skills:
- Experience in threat modeling and penetration testing.
- Knowledge of secure SDLC practices.
- Proficiency in using tools for manual and automated penetration testing.
- Familiarity with OWASP and security sign-off processes.
- Strong documentation skills using Confluence and Jira.
- Ability to collaborate with cross-functional teams and external vendors.
Salary (Rate): undetermined
City: undetermined
Country: UK
Working Arrangements: hybrid
IR35 Status: outside IR35
Seniority Level: undetermined
Industry: IT
My Client are looking for a Cyber Threat Modeller & Penetration Tester for an initial contract opportunity to start ASAP.
IR35 Status: Outside IR35
Rate: Negotiable
Location: Hybrid/Remote
Length: Initially until end of 2025 - with scope to extend
If you are interested, please apply with your most up-to-date CV.
Lawrence Harvey is acting as an Employment Business with regard to this position.
