Principal Security Specialist

ABOUT US:

LSEG (London Stock Exchange Group) is more than a diversified global financial markets infrastructure and data business. We are dedicated, open-access partners with a dedication to excellence in delivering the services our customers expect from us. With extensive experience, deep knowledge and worldwide presence across financial markets, we enable businesses and economies around the world to fund innovation, manage risk and create jobs. It’s how we’ve contributed to supporting the financial stability and growth of communities and economies globally for more than 300 years. Through a comprehensive suite of trusted financial market infrastructure services – and our open-access model – we provide the flexibility, stability and trust that enable our customers to pursue their ambitions with confidence and clarity.

LSEG is headquartered in the United Kingdom, with significant operations in over 60 countries across EMEA, North America, Latin America and Asia Pacific. We employ 25,000 people globally, more than half located in Asia Pacific.

The Team

The Cyber Security - Security Testing team supports security testing delivery against a diverse set of technologies in applications, infrastructure, cloud and networks. The successful candidate will be responsible for supporting and development of security testing activities.

Penetration Test Execution

Lead & Conduct Penetration Tests and retests: Perform detailed penetration tests on systems, networks, and applications to identify vulnerabilities and security risks.

• Drive the scoping of complex solutions: Interview application teams, review architecture documents and agree the scope with all stakeholders. Clearly identify the scope of penetration test in the Rules of Engagements.

• Identify prerequisites and blockers to the punctual delivery of pentest engagement

• Lead complex engagements executed by less senior team members.

• Retest vulnerabilities after remediation actions have been completed. Peer review retest evidence of other team members.

Vulnerability Reporting and Remediation

• Overview/Debrief Sessions: Conduct sessions before and after security testing engagements to ensure clarity and understanding.

• Report Security Testing Activities: Ensure the reporting of security testing activities is tailored to the intended audience.

• Engage with Stakeholders: Convey the outcome of security testing to both technical teams and business representatives, ensuring clarity and understanding across all parties.

• Support Technical Teams: Help technical teams understand technical findings and cybersecurity concepts.

• Risk mitigation solutions: Collaborate with teams to assess risk and recommend mitigation solutions.

• Consult on Remediation Efforts: Advise technical teams on remediation efforts to address identified vulnerabilities

• Review pentest reports of team members or procured by 3rd parties: eliminate false positives and ensure that the appropriate level of accurate information is captured.

Security Testing Practice Improvement Initiatives

Lead Practice Improvement Initiatives: Drive initiatives to improve internal penetration testing practices with new ideas or processes.

• Security Testing Tools: Assist in the development of internal security testing tools. Review opensource and proprietary security testing tools and document their usage.

• Testing methodologies and frameworks: Compile runbooks, checklists and guidelines to improve coverage and/or scale of security testing

• Stay Ahead Of with Trends: Keep up-to-date with security trends, testing tools, exploit techniques, and industry news

Cyber Security evangelist

• Adhere to Policies and Standards: Follow the company's policies, goals, standards, and processes related to security penetration testing.

• Promote CyberSecurity Services: Advocate for the benefits of various cybersecurity service offerings. Refer stakeholders to the appropriate internal team when omissions are identified. Communicate gaps of coverage of cyber processes or tools to the appropriate cyber teams.

Qualifications/Requirements:

• Bachelor’s degree in information systems / Technology, Computer Science / Engineering or equivalent field of study.

• Proven experience in the information security industry, particularly with vulnerability assessments and penetration testing of applications and/or infrastructure using industry standards (e.g. OWASP, PTES, and others).

• 7+ years of experience in cybersecurity with a focus on penetration testing.

• Working knowledge of security principles, techniques and technologies.

• Good understanding of security vulnerabilities and common software flaws

• Strong understanding of cybersecurity concepts, such as threat modelling, risk assessments, and incident response.

• One or more of the following security certifications OSCP, CREST CRT, GPEN or GWAPT

• Strong collaboration and communication skills (both written and verbal).

• Ability to work in a team environment with aggressive deadlines and multiple priorities

• Problem solver and barrier breaker.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin,gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.