Deloitte
Information Security Review & Threat Modelling Engineer (ISRP Manifold)

How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Contract Role: Information Security Review & Threat Modelling Engineer (ISRP Manifold)
Contract Location: London/Belfast (Hybrid)
Contract Duration: 6 months initially (with potential extension)
Contract Start Date: Immediate
Contract Classification: Inside IR35
Daily Rate Breakdown
- Traditional Daily Rate: £450
- Agreed Contract Rate (ACR): £346.95
- Equivalent Annual Salary: £90,206 + £10,887 holiday pay
- Payroll provider: Rockford Payroll Info for Contingent Workers - Rockford Pay
Overview
This is an exciting opportunity to join a leading global Tier 1 financial institution undergoing a major transformation of its technology landscape.
We are seeking experienced Information Security Review & Threat Modelling Engineers to join a high-performing cyber security team. The successful candidate will be responsible for conducting security reviews of infrastructure products before production deployment, ensuring compliance with enterprise security standards, identifying security risks, and recommending remediation activities.
Key Responsibilities
- Perform end-to-end security reviews of infrastructure products and validate compliance with enterprise information security standards.
- Work closely with engineering teams and third-party vendors to obtain information required for security assessments.
- Review technical documentation and perform hands-on security testing of infrastructure products.
- Identify security vulnerabilities, compliance gaps, and non-conformities.
- Produce detailed security findings and recommend remediation or risk mitigation strategies.
- Support Information Security teams throughout remediation activities.
- Design and review secure technical architectures.
- Embed quality control measures across security review processes.
- Produce high-quality technical documentation and maintain audit-ready evidence.
- Manage stakeholder expectations and communicate findings effectively.
- Escalate risks and issues appropriately.
- Support internal and external security audits.
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Essential Skills & Experience
- Minimum 6 years’ IT experience, including at least 4 years in Cyber Security/Information Security across cloud and on-premises environments.
- 3-5 years’ experience within Information Security or Information Technology.
- Strong experience reviewing infrastructure security.
- Hands-on cloud security experience across AWS and/or GCP.
- Demonstrated expertise in Threat Modelling methodologies such as STRIDE, PASTA, or MITRE ATT&CK/ATLAS.
- Strong understanding of authentication, authorization, encryption, logging & monitoring, infrastructure security, and network segmentation.
- Ability to design and review secure technical architectures.
- Strong understanding of Infrastructure as Code (Terraform and/or CloudFormation).
- Experience with Software Development Lifecycle (SDLC) and CI/CD pipelines.
- Hands-on Python scripting skills with the ability to read, write, and analyze scripts.
- Experience across multiple technology domains.
- Security testing experience is advantageous.


Get help with your application
Your very own career expert that helps elevate your application to the next level.
Qualifications
- Associate or Professional AWS or GCP Cloud Certification (mandatory).
- Associate or Professional Cyber Security Certification (mandatory).
- Security-first mindset with the ability to think like an attacker.
- Excellent analytical and problem-solving skills.
- Strong written and verbal communication.
- Excellent stakeholder and project management skills.
- Degree in Computer Science, Cyber Security, or related discipline preferred.
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location