Senior Security Specialist

This Security Testing Operations (STO) Senior Associate role is a crucial role for the offensive testing programme across the group, which protects the business from our most sophisticated cyber threats!

The role holder will plan and complete offensive security simulations targeting assets across the enterprise as well as provide technical support for our bug bounty and perimeter asset monitoring programmes. Finally the candidate will find opportunities for and support the development of tools or processes which drive high impact risk mitigation through automation.

The applicant will be a domain authority on vulnerability exploitation. This role requires working in a tight-nit technical team, with external partners, BISOs, the GSOC, and other entities.

Role Responsibilities & Key Accountabilities:

• Plan, lead and carry out red teams / purple teams and penetration tests where you assume the role of a threat actor to meet specified objectives
• Co-ordinate with external 3rd party vendors to enable vulnerability discovery
• Provide constructive feedback to team responsible for incident response and product development on their successes, failures and potential areas of improvement
• Study and replicate tactics, techniques and procedures used by modern attackers to improve the security of our products and corporate environment
• Efficiently report analysis and findings in the most accessible way (written reports, Jira, tickets, presentations etc)
• Develop, modify and extend tools/exploits that assist with execution of security assessments, including custom tools and automation.
  
  

Experience

• Technology related Bachelor's Degree or equivalent experience and certifications in cyber security
• One or more of the following security certifications OSCP, OSCE, OSEE, OSWE, CREST, GXPEN preferred
• Demonstrable experience in Red Teaming and Penetration Testing
• Minimum 3 years of deep, hands-on, technical security experience with at least one of: multiple security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP among others, Web Applications and Services, Cryptography, Social Engineering and Open Source Intelligence Gathering (OSINT), Mobile platforms, Software Security, malware reverse engineering
• Deep technical understanding of enterprise operating system environments, Active Directory and networking
• Validated understanding of security vulnerabilities and common software engineering flaws
• Familiarity with red teaming related regulations and frameworks (DORA/CBEST/TIBER) nice to have
• Familiarity with Network Defence analytical models (Kill Chain, ATT&CK, etc.)
• Familiarity with popular scripting languages and ability to automate simple tasks.
• Experience working with Financial Services and Critical Infrastructure a plus
• Strong verbal & written communication skills & presentation skills
• Ability to work in a fast-paced environment
• Problem solver and barrier breaker with initiative
  
  

Do you have a back ground in penetration testing or red teaming, and are looking for your careers next step? This is a superb opportunity for you to move into a high impact role in industry!

ABOUT US:

LSEG (London Stock Exchange Group) is more than a diversified global financial markets infrastructure and data business. We are dedicated, open-access partners with a dedication to excellence in delivering the services our customers expect from us. With extensive experience, deep knowledge and worldwide presence across financial markets, we enable businesses and economies around the world to fund innovation, handle risk and create jobs. It’s how we’ve contributed to supporting the financial stability and growth of communities and economies globally for more than 300 years. Through a comprehensive suite of trusted financial market infrastructure services – and our open-access model – we provide the flexibility, stability and trust that enable our customers to pursue their ambitions with confidence and transparency.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.