Rodeo
ResourcesPartnersSign in

Deloitte

Senior Threat Modeler

London
Posted 10 days ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Senior Threat Modeler

Senior Threat Modeler

Location

London / Belfast

Contract Details

  • Contract Duration: 6 months
  • Start Date: ASAP
  • Rate: Competitive day rate (Inside IR35)
  • Payroll Provider: Rockford Payroll (via Rockford Pay)

About the Role

The Senior Threat Modeler will play a pivotal role in threat modeling, automation development, and supporting cybersecurity initiatives. You will work independently on critical security tasks, present findings to senior stakeholders, and shape security best practices within the team.


Responsibilities

  • Conduct threat modeling using a documented process (e.g., STRIDE, PASTA, attack trees)
  • Develop automation tools as required to streamline threat assessments
  • Maintain a high standard of thoroughness in identifying threats and defining mitigating controls
  • Oversee the entire lifecycle of identified threats and controls
  • Ensure threat models and supporting deliverables are completed on time
  • Provide feedback and continuous improvements to the existing threat modeling process
  • Present findings to seniors, team members, and cross-functional technical teams
  • Train and mentor junior team members
  • Supervise junior team members on daily tasks and deliverables
  • Operate parts of the company’s threat model service with minimal supervision
  • Design, test, and deploy secure, Python-based applications (e.g., FastAPI, async programming) while adhering to SDLC processes and quality standards

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.


Requirements

Certification Essentials

You must have professional-level certifications in one of each category (AWS/GCP/Azure):

1. Professional Cloud Certification

(Choose one from:)

  • AWS: Solutions Architect, DevOps Engineer
  • GCP: Cloud Architect, Cloud Developer, Data Engineer, Network Engineer
  • Oracle Cloud: Oracle Cloud Infrastructure Architect Professional, HPC & Big Data Solutions Associate
  • Azure: Azure Solutions Architect Expert

2. Cloud Security Certification

(Choose one from:)

  • AWS: Security – Specialty
  • GCP: Professional Cloud Security Engineer
  • Azure: Azure Security Engineer Associate

3. Professional Cyber-Security Certification

(Choose one from:)

  • ISACA: Certified Information Security Manager (CISM)
  • GIAC: Enterprise Defender (GCED), Intrusion Analyst (GCIA), Open Source Intelligence (GOSI)
  • ISC²: Certified Information Systems Security Professional (CISSP)
  • CompTIA: CASP+, PenTest+
  • Microsoft: Identity and Access Administrator Associate

Technical Skills & Experience

(Minimum 5+ years in IT, 4+ years in cybersecurity)

✅ Required Experience:

  • Threat Modeling (STRIDE, PASTA, Attack Trees, Att&ck) – Must
  • Vulnerability identification (CWE, OWASP) – Must
  • Cybersecurity-focused role history – Must
  • Security best practices (authentication, authorization, logging/monitoring, encryption, network segmentation) – Must
  • Operating system hardening – Must
  • DevOps/Agile methodology expertise – Must
  • Scripting (Python, FastAPI, asynchronous programming) – Must
  • Unit testing (Pytest) – Must
  • SDLC security adherence (client standards execution) – Must
  • Cloud Infrastructure as Code (Terraform, CloudFormation) – Must
  • Development/CD pipelines (CI/CD, SDLC) – Must
  • Docker/Kubernetes/Serverless/Helm understanding – Must
  • Support/conduct penetration testing (ad-hoc)

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

✅ Bonus Experience:

  • GitOps/CDK, Snowflake, MongoDB, Databricks, GitHub, threat modeling tooling
  • Technical architecture design/review
  • Adversarial mindset for threat assessment
  • Worked in regulated environments

Essential Soft Skills

  • Analytical & detail-oriented
  • Willingness to research vendor documentation
  • Proficient in documentation creation/maintenance
  • Ability to work well in cross-functional teams
  • Strong collaboration & communication skills
  • Continuous learning mindset

Education

  • Bachelor’s degree in a computer-related field, or equivalent work experience

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Threat Modeling
Cyber-Security
Information Security
Vulnerability Identification
Security Practices
Operating Systems
Development Concepts
Scripting Languages
Infrastructure as Code
Cloud Development Kit
DevOps
Docker
Kubernetes
Python
Unit Testing
Documentation

Location

London, England, United Kingdom

Sign up to applySee more jobs like this