Job Title: Security Architect and Threat Modeller

Report To: Head of Security

Job Location: Remote Initially

Employment Status: Full Time

Salary: Competitive

Closing Date: 30/04/2021

Who is ControlPlane?

We are a London based cloud technology company, helping to keep people safe online. We work with cloud providers and their customers to secure the building blocks of the internet, by offering consulting, training and products related to Cloud Native Development, Security and Operations.

Trusted by Google Cloud, UK Home Office, JPMC, among many others, our clients are world leading organisations.

What We’re Looking For in a Security Architect

We are looking for a security architect to represent the technical and cultural values of ControlPlane, leading our customers by example in the complex and fast-changing world of cloud native technology. You will perform a mix of client consulting (operating remotely), working on internal labs projects, and contributing to Open Source projects on ControlPlane’s behalf. When offices re-open, you may be expected to work on client site for a few days a month.

Skills and Technologies

This role will suit a candidate with cloud security architecture and risk experience. You should be comfortable using threat models to drive and refine architecture definition, and will be amongst an experienced team that can guide and assist you.

We are SANS authors (SEC584), have published our Threat Models for the CNCF’s financial services group, and believe strongly in team learning and collaboration. Candidates with an aptitude to learn are preferred, and we provide full training for the newest cloud technologies that our customers rely on.

Experience or knowledge of some of the below:

  • Experience of Threat Modelling and related frameworks (MITRE ATT&CK, STRIDE)
  • Knowledge and experience using hardening guides, compliance and risk management standards
  • Experience designing Cloud Native Security architectures (AWS, GCP, Azure)
  • Security related qualifications such as OSCP, Cloud Provider Security certifications, or CISSP
  • Knowledge of the following is not required but viewed favourably:
    • DevSecOps principles and practices
    • Kubernetes and containers (OpenShift, GKE, and EKS)
    • Enterprise tools such as Aqua, Twistlock and Prisma
    • Open Source tools such as falco, kube-hunter, and kube-bench


ControlPlane is a dynamic, cutting edge and passionate business for which to work. Our employees are the heart of our business which means we care about our company culture and our Employees’ wellbeing and progression. Alongside this, as our Security Consultant you will also have the following benefits:

  • Generous and competitive salary
  • Discretionary team bonus
  • 25 days of paid holiday, plus UK Bank Holidays.
  • Statutory pension contribution
  • Cycle to Work scheme
  • An individual training budget for personal development

We are looking for technical practitioners who can work with our clients and the team to deliver these projects and help establish ControlPlane as a world-class technical thought leader.

Equally importantly, we’re looking for people of the highest personal calibre, with a good work ethic, keenness to learn, emotional maturity and respect, and who embrace human diversity of all kinds. As one of our early employees you will help us to build a company culture of which we can all be proud. If you espouse these values, we want you!