Principal Security Analyst

Role Summary: The Principal Security Analyst will be responsible for guiding and handling the Vulnerability Management (VM) Plan, ensuring the coordination, monitoring, and support of activities related to VM, Cloud Security, Pen Testing, security patching, and remediation management. This role requires a strategic problem solver with advanced technical skills and the ability to mentor junior analysts while collaborating across various teams to enhance the organisation’s security posture.

Key Responsibilities:

• Vulnerability Management: In-depth knowledge of vulnerability management, the vulnerability life cycle stages
• Technical Remediation: Through understanding of remediation concepts/frameworks pertaining to vulnerabilities
• Vulnerability Exception: Solid grasp of vulnerability exception processes, exception assessment processes, and compensating security controls.
• Partner Engagement: Excellent partner leadership skills working with various levels of management/non-management colleagues within technology and business departments within LSEG.

• Roadmap Development: Provide input, prepare, and update the VM roadmap. Develop, maintain, and publish project plans and operation schedules.
• Reporting: Provide status reports to Cyber Security leadership on VM metrics, key risk indicators, trends, and compliance.
• Solution Proposals: Propose VM concepts and solutions, prepare presentations, and coordinate vendor demonstrations.
• Standard Operating Procedures (SOPs): Create and maintain SOPs for VM, providing technical knowledge to operations and production support teams.
• Configuration Control: Maintain configuration control of VM hardware, systems, and application software. Coordinate upgrades and maintenance activities on VM tools.
• Collaboration: Work closely with Vulnerability Assessment & Pen Testing teams to analyse results and threat feeds, reacting appropriately to security weaknesses or vulnerabilities.
• Technical Documentation: Prepare and maintain user documentation of the VM programme, including requirements, architecture designs, network topology, applications, and application security designs.
• Policy Collaboration: Collaborate on Information Security policies, standards, and baselines, contributing to compliance measurement efforts.
• Governance Reporting: Collaborate on and provide VM results and metrics for consistent reporting for governance purposes. Coordinate remediation plans and activities.
• Planning: Help develop a long-term VM strategy (3-5 years) addressing global information security needs, identifying current state, gaps, and opportunities.
• Mentorship: Mentor and guide junior analysts, providing technical leadership and encouraging a culture of continuous learning and improvement.

Technical Requirements:

• Advanced Knowledge: Deep understanding of VM tools and technologies, including but not limited to Nessus, Qualys, and Rapid7.
• Cloud Security: Extensive experience with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their security configurations.
• Pen Testing: Proficient in penetration testing methodologies and tools such as Metasploit, Burp Suite, and OWASP ZAP.
• Security Patching: Expertise in security patching processes and tools, including WSUS, SCCM, and automated patch management solutions.
• Scripting and Automation: Solid skills in scripting languages (e.g., Python, PowerShell) for automation of security tasks and processes.
• Network Security: In-depth knowledge of network security principles, including firewalls, IDS/IPS, and network segmentation.
• Compliance: Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST).

Qualifications:

• Bachelor’s degree in Computer Science, Information Security, or a related field.
• 5 years of experience in cybersecurity, with a focus on vulnerability management and cloud security.
• Relevant certifications such as CISSP, CISM, or CEH.
• Excellent analytical and problem-solving skills.
• Good communication and presentation skills.
• Ability to work closely with multi-functional teams.

Preferred Qualifications:

• Experience with advanced threat detection and response tools.
• Knowledge of secure software development practices and DevSecOps or equivalent experience.
• Experience in mentoring and developing junior team members.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.