Threat Model Researcher, Security Analyst - Remote 100% and 4 days working week!


About the job

About IriusRisk

We are a young software company that offers a cybersecurity product with a mission to make secure design a de facto practice for all software applications. Our automated threat modeling product makes the process of secure design fast, easy, and accessible to non-security experts.

Threat modeling as a practice is maturing, for example through the recent inclusion of โ€œInsecure Designโ€ in the OWASP Top 10, and Gartner puts the market at 2-5 years from mainstream. Building on this and following a successful Series A funding round in late 2020, IriusRisk has grown significantly over the past two years. And it continues to grow. With a remote-first and inclusive culture we are able to hire some of the best talent in Europe and the Americas. Our IriusRisk Technical Advisory Board is made up of key industry leaders and helps to inform the development of our platform, addressing the software security challenges that our customers face. Those customers include household names in the financial services and technology industries, and our customer base and verticals continue to expand - from cryptocurrency to medical devices and IoT.

About the role

We're looking for a Security Researcher, Application Security Engineer, Security Architect or Threat Modeler who understands device security as well as design and build secure software and is technically minded to support our Centre of Excellence. Our Center or Excellence is primarily focused on Embedded, Medical, industrial and IoT device Security.

The main objectives of the role are to:

  • Research, create and update threat models for key architectures related to embedded, IoT and Medical devices in modern infrastructures, e.g. Hospitals, industrial plants, manufacturing facilities etc.
  • Become an expert in our threat modeling platform, which uses the Drools rules engine to control many of the automation features.
  • Write technical support articles and create videos describing features of our product and how to use those features in live environments
  • Provide some marketing support by creating blog posts on Threat Modeling and security at design time
  • Provide feedback to our engineering team on the product design and feature set

Key duties and responsibilities include:

  • Researching new technology areas to define threat modeling risk patterns that apply to them. Your research should be based on industry standards where possible such as OWASP, CIS, NIST, IEC etc.
  • Create small scripts and automations to help speed up your work and to assist the pre and post sales teams. For example, sometimes customers need a quick script to access our API and retrieve data.
  • Research the latest embedded device, IoT, Medical security controls for content creation
  • Build a knowledge base of Components and Rules for actual attack surfaces and scenarios
  • Create material (webinars, posters, presentations, articles) to be used for marketing and information purposes
  • Collaborate with the marketing team and the community manager to champion Device Security
  • Occasionally work with the Sales team on prospect calls and demos
  • Prepare and provide specific content for new libraries with a focus on IoT, Industrial Security and Medical devices.
  • Create extensive threat models from existing solutions and architecture
  • Collaborate with external organisations to provide security research - e.g. IEC/ISA, CSA, SANS, CIS.
  • Attend dedicated security conferences related to embedded devices

Skills and experience


  • 2+ years experience working in a Cyber Security research role. (Experience in Threat Modeling or application, or device security is a strong advantage)
  • Excellent written technical English
  • Demonstrated experience working independently with minimal supervision
  • A passion for learning new technologies particularly in the field of Embedded Devices, IioT, IoT or Medical
  • MSc in Cybersecurity or closely related technical subject or equivalent certification (CCSA, CISSP etc) + research experience

The role is remote so you can be based anywhere in the UK or in Spain.

Nice to have

  • Experience in development, architecture or technical operations teams a strong advantage
  • Experience in Industrial security, NIST 800-82, 62443 3-3 etc
  • Experience in IoT or embedded device security โ€“ 62443 4-2
  • Interest in software development
  • Familiarity with modern development tools like Jira, git, bitbucket etc.

What are we offering?

  • 4 days working week!
  • 100% remote work!
  • Great team collaboration between departments.
  • An Agile development environment!
  • We have a โ€œDo it wellโ€ DevOps culture and we donโ€™t fear investing time to do things right the first time.
  • Training and certifications related to your role.

Apply now
Apply now

Please let IriusRisk know that you found this job on Your support will help us grow!