
How your CV stacks up
Upload your CV to see how well it fits this job role
?%
Senior Threat Modeler
Senior Threat Modeler
Location
London / Belfast
Contract Details
- Contract Duration: 6 months
- Start Date: ASAP
- Rate: Competitive day rate (Inside IR35)
- Payroll Provider: Rockford Payroll (via Rockford Pay)
About the Role
The Senior Threat Modeler will play a pivotal role in threat modeling, automation development, and supporting cybersecurity initiatives. You will work independently on critical security tasks, present findings to senior stakeholders, and shape security best practices within the team.
Responsibilities
- Conduct threat modeling using a documented process (e.g., STRIDE, PASTA, attack trees)
- Develop automation tools as required to streamline threat assessments
- Maintain a high standard of thoroughness in identifying threats and defining mitigating controls
- Oversee the entire lifecycle of identified threats and controls
- Ensure threat models and supporting deliverables are completed on time
- Provide feedback and continuous improvements to the existing threat modeling process
- Present findings to seniors, team members, and cross-functional technical teams
- Train and mentor junior team members
- Supervise junior team members on daily tasks and deliverables
- Operate parts of the company’s threat model service with minimal supervision
- Design, test, and deploy secure, Python-based applications (e.g., FastAPI, async programming) while adhering to SDLC processes and quality standards
Reasons to use Rodeo
I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?
Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.
Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.
Start with a chat, not a search bar
Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.
Graduate Consultant — 2026 Scheme
Why you're a good match
StrongYour economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.
See breakdownIt searches the market for you
Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.
Why you're a good match
You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.
Experience fit
Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.
Only hits
No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.
Requirements
Certification Essentials
You must have professional-level certifications in one of each category (AWS/GCP/Azure):
1. Professional Cloud Certification
(Choose one from:)
- AWS: Solutions Architect, DevOps Engineer
- GCP: Cloud Architect, Cloud Developer, Data Engineer, Network Engineer
- Oracle Cloud: Oracle Cloud Infrastructure Architect Professional, HPC & Big Data Solutions Associate
- Azure: Azure Solutions Architect Expert
2. Cloud Security Certification
(Choose one from:)
- AWS: Security – Specialty
- GCP: Professional Cloud Security Engineer
- Azure: Azure Security Engineer Associate
3. Professional Cyber-Security Certification
(Choose one from:)
- ISACA: Certified Information Security Manager (CISM)
- GIAC: Enterprise Defender (GCED), Intrusion Analyst (GCIA), Open Source Intelligence (GOSI)
- ISC²: Certified Information Systems Security Professional (CISSP)
- CompTIA: CASP+, PenTest+
- Microsoft: Identity and Access Administrator Associate
Technical Skills & Experience
(Minimum 5+ years in IT, 4+ years in cybersecurity)
✅ Required Experience:
- Threat Modeling (STRIDE, PASTA, Attack Trees, Att&ck) – Must
- Vulnerability identification (CWE, OWASP) – Must
- Cybersecurity-focused role history – Must
- Security best practices (authentication, authorization, logging/monitoring, encryption, network segmentation) – Must
- Operating system hardening – Must
- DevOps/Agile methodology expertise – Must
- Scripting (Python, FastAPI, asynchronous programming) – Must
- Unit testing (Pytest) – Must
- SDLC security adherence (client standards execution) – Must
- Cloud Infrastructure as Code (Terraform, CloudFormation) – Must
- Development/CD pipelines (CI/CD, SDLC) – Must
- Docker/Kubernetes/Serverless/Helm understanding – Must
- Support/conduct penetration testing (ad-hoc)


Get help with your application
Your very own career expert that helps elevate your application to the next level.
✅ Bonus Experience:
- GitOps/CDK, Snowflake, MongoDB, Databricks, GitHub, threat modeling tooling
- Technical architecture design/review
- Adversarial mindset for threat assessment
- Worked in regulated environments
Essential Soft Skills
- Analytical & detail-oriented
- Willingness to research vendor documentation
- Proficient in documentation creation/maintenance
- Ability to work well in cross-functional teams
- Strong collaboration & communication skills
- Continuous learning mindset
Education
- Bachelor’s degree in a computer-related field, or equivalent work experience
“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”
Jessica, London
Skills
Location