Senior Security Engineer

The Vulnerability Threat Management team are looking for an independent, positive, and ambitious person who is dedicated to making a significant contribution within the team. The ideal candidate will have a good understanding of the technologies used to improve solutions that best fit our business needs.

The team are a part of the Cyber Security Engineering function who are developing cyber defence capabilities to protect the business from cyber threats which seek to impact the confidentiality, integrity, and availability of the group.

If this sounds like you, you should have knowledge and experience in the engineering and operation of vulnerability and threat management technologies, and the integration with relevant platforms. You will also possess broad abilities including problem solving and resolution and be an excellent communicator.

Role summary

• Contribute to domain strategies and architectures, lead on engineering and the associated artefacts
• Own the controls and ensure they remain effective.
• Lead and deliver smaller scale projects or discrete workstreams for larger projects, programme and other initiatives.
• Handle and deliver changes to controls as vital which are not part of project activity.
• Develop key indicators, analysis, and artefacts to continually evidence and report control effectiveness and risk for the group.
• Critical issue support for any operational incident from operations or global security operations centre for related domain technologies.
• Solve complex problems

Critical work

• Delivery of activities against of agreed cyber security strategies. Shapes project delivery with the project management team and the senior manager
• Delivery of key artefacts associated with the role, artefacts support evidencing and assurance activities.
• Ongoing control operation and effectiveness and evidencing of such.

Key critical metrics

Delivery of projects and BAU activities within agreed timescales to the required standard.

Issues are identified, fixed and remain fixed and are not recurring.

Key artefacts for the activities performed exist, are accurate and of required standard.

Agreed measures related to controls owned by the role, for example Key Risk Indicators, are delivered and handled.

Technical/ job functional knowledge

Knowledge and experience of the engineering and operation of vulnerability and threat management technology.

Good working experience in Audit & Regularity requirements

Hands on experience in Cloud Security ( AWS, Azure and GCP)

Confirmed experience in system hardening using CIS benchmark

Discovery and classification of vulnerabilities across systems and platforms. Guidance & assurance aspects of remediation and the level of knowledge in the technology area would be classed as an in-depth.

Knowledge and experience of different operating systems and platforms which includes assurance of security configuration parameters, level of knowledge would be considered an intermediate.

Engineering of layered control capabilities.

An understanding of information security principles and standard methodologies.

Adversary Tools, Techniques and Procedures - A good understanding of TTP’s is required.

In-depth knowledge in domain area and basic knowledge across non-core domain areas.

Modern engineering practices, automation to drive efficiencies. Infrastructure as Code approach. Code / scripting for practical tasks and tool integrations.

Structured and methodical troubleshooting practices for resolving complex problems.

Policies, standards and security frameworks, NIST, CIS.

Solid skills to author formal documentation.

Understanding of security metrics to measure control operation and risk.

The role holder would work independently with minimal guidance and is encouraged to tackle problems with sound judgement and in a way that is aligned to good practice and in the long-term interests of the organisation.

Likely to hold one or more of the following security or engineering/architecture specific certifications, CISSP, OSCP, TOGAF, GIAC or those relevant to the area.

Experience and knowledge of technology in financial services and/or regulated environments and industry compliance schemes (for example SWIFT) preferred.

Must have experience of working in security focussed roles. Likely will have greater than 4 years full time in security roles as part of an overall career in technology of around 8 years focussed predominantly in the area for the role. Expected to have direct hands-on experience in some of the domain area technologies.

Personal skills and capabilities

• Collaborating across the group to deliver successful balanced outcomes for the group and its collaborators.
• Remain current with principles, concepts and emerging technologies related to the role
• Takes ownership and commits to delivering sustainable outcomes and resolving problems.
• Demonstrates a bias for action.
• Solid history of delivering results without compromising on quality.
• Critical thinker that takes in broad perspectives to assess and make decisions.
• Willingness and flexibility and to work across different technologies.
• Capability to quickly assimilate new concepts and technologies.
• Takes ownership of own career development and learning.
• Supports colleagues with less experience to help in their professional growth.
• Adapts messaging and presentation styles to the needs of different audiences.
• Is measured and considered in exciting and high-pressure situations.

People are at the heart of what we do and drive the success of our business. Our colleagues thrive personally and professionally through our shared values of Integrity, Partnership, Innovation and Excellence are at the core of our culture. We embrace diversity and actively seek to attract people with unique backgrounds and perspectives. We are always looking at ways to become more agile, so we meet the needs of our teams and customers. We believe that an inclusive collaborative workplace is pivotal to our success and supports the potential and growth of all colleagues at LSEG

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.