Jobgether
Application Security - Design Reviews Threat Modelling

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Application Security - Design Reviews Threat Modelling
This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for an Application Security - Design Reviews Threat Modelling based in United Kingdom.
This role offers the opportunity to strengthen application security across a modern software ecosystem by partnering with engineering and product teams throughout the software development lifecycle.
- You will help identify and reduce security risks early by conducting threat modeling, architecture reviews, and security assessments.
- The position focuses on building secure-by-design practices and enabling teams to make informed security decisions.
- You will collaborate with technical teams working on innovative products, including AI and machine learning capabilities.
- The role combines deep technical expertise, problem-solving, and communication skills to improve security maturity at scale.
- You will also contribute to security tooling, documentation, automation, and developer education initiatives.
This is an impactful opportunity for an experienced security professional who enjoys solving complex challenges in a collaborative environment.
Accountabilities
- Conduct security design reviews and threat modeling exercises for new products, services, applications, and platform capabilities.
- Collaborate with engineering and product teams to identify security risks and recommend practical mitigation strategies throughout the development lifecycle.
- Review application architectures, technical designs, data flows, deployment models, and system configurations to identify vulnerabilities and recommend secure design patterns.
- Act as a security consultant for engineering teams by providing guidance on secure implementation practices, application security principles, and risk management.
- Partner with teams developing AI and machine learning features to identify emerging security risks and support secure implementation approaches.
- Maintain and improve security standards, reference architectures, documentation, and internal security guidance.
- Develop and enhance automation, tooling, and processes that improve the efficiency and scalability of threat modeling and security review activities.
- Support application security assessments, investigate security concerns, and contribute to root cause analysis for identified issues.
- Participate in developer education initiatives through workshops, documentation, office hours, and security awareness programs.
- Assist with security incident investigations related to application vulnerabilities when required.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Requirements
- 5+ years of experience in Application Security, Product Security, Security Engineering, or a related technical field.
- Availability to work until 11:00 AM Pacific Standard Time (PST).
- Strong knowledge of application security principles, including OWASP Top 10, API security, authentication, authorization, secrets management, and cryptography.
- Proven experience conducting security reviews, threat modeling exercises, architecture assessments, or application security evaluations.
- Strong understanding of modern application architectures, cloud environments, and secure software development practices, with AWS experience preferred.
- Ability to read and understand source code in one or more modern programming languages.
- Experience developing scripts, tools, or automation to improve security and engineering workflows.
- Strong technical writing skills with experience creating security documentation, guidelines, and recommendations.
- Excellent communication skills with the ability to explain complex security concepts to engineers and stakeholders with varying levels of expertise.
- Ability to assess security risks, prioritize vulnerabilities, and provide practical recommendations aligned with business and technical objectives.
- Collaborative mindset with experience working closely with software engineering and product teams.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Benefits
- Fully remote work environment with flexibility to collaborate across distributed teams.
- Opportunity to work on large-scale security initiatives impacting modern software products.
- Exposure to advanced technologies, including cloud platforms, AI, and machine learning security challenges.
- Collaborative culture focused on innovation, knowledge sharing, and continuous improvement.
- Opportunity to contribute to security automation, developer enablement, and secure engineering practices.
- Professional growth opportunities within a global technology environment.
How Jobgether Works
We use an AI-powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role's core requirements. Our system identifies the top-fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.
We appreciate your interest and wish you the best!
Why Apply Through Jobgether?
Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre-contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location