Job Description

The Cyber Security Engineering Vulnerability workstream are looking for a Senior Security Analyst to join the team. The team are a part of the Cyber Security Engineering function who are developing cyber defence capabilities to protect the group from cyber threats which seek to impact the confidentiality, integrity, and availability of the group. Key responsibilities Monitors and assesses threats, assisting with critical issues for more complex threats, and taking appropriate action or raising asappropriate. Analyses and interprets complex data to provide regular reports and recommendations tointerested parties. Helping to find opportunities to improve models and policies, crafts recommendations, leads the development and implementation ofprojects. Provides domain expertise and advice to technical teams and customer questions, driving continuous improvement, and may help to lead organisational change projects andactivities with moderate guidance. Coordinates reports and analysis produced by Analysts, offering guidance where necessary and ensuring adherence to applicable Cyber Security controlframeworks andpolices. Consults with relevant internal technical and business stakeholders, providing subject matter oversight as required, enabling teams to understand technical securitysolutions and concepts to embed them in BAUpractices with moderate supervision. Assists in translating technical and business requirements into effective Cyber security solutions/ builds security requirements for internal technology teams toincorporate into product offering. Develops key indicators, analysis, and artefacts to continually evidence and report control effectiveness and risk for the group. Critical issue support for any operational incident from operations or global security operations centre for related domain technologies. Accountable for ongoing activities, objectives and resolving sophisticated problems related to the domain area. Remains current with principles, concepts, and new technologies. Influences vendor roadmaps and functionality in support of LSEG objectives. Critical work Delivery of activities against agreed cyber security strategies. Shapes project delivery with the project management team and the manager. Delivery of key artefacts associated with the role, artefacts support evidencing and assurance activities. Ongoing control operation and effectiveness and evidencing of such. Reporting, development and management of agreed measures, key performance indicators and key risk indicators Impact As a group level function, the role has impact across all parts of the business as it has responsibility for the relevant group security controls which seek to mitigate the risk and impact to the group from cyber-attacks. Impacts include financial, economic, regulatory, customer and brand. The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience. Key critical metrics Support in the delivery of projects and BAU activities within agreed timescales to the required standard. Issues that are identified are fixed, remain fixed and are not recurring. Key artefacts for the activities performed, are accurate and of the required standard. Agreed measures related to controls owned by the role, for example Key Risk Indicators, are delivered and managed. Technical / job functional knowledge Knowledge and experience of the engineering and operation of vulnerability and threat management technology. Discovery and classification of vulnerabilities across systems and platforms. Guidance & assurance aspects of remediation. Level of knowledge in the domain technology area would be considered as an in-depth. Knowledge and experience of different operating systems and platforms in relation to the domain area which includes assurance of security configuration parameters. Level of knowledge would be considered an intermediate. Engineering of layered control capabilities. An understanding of information security principles and standard methodologies. Adversary Tools, Techniques and Procedures. A good understanding of TTP\'s is required. In-depth knowledge in domain area and basic knowledge across non-core domain areas. Modern engineering practices, automation to drive efficiencies. Infrastructure as Code mentality. Code / scripting for practical tasks and tool integrations. Structured and methodical problem-solving practices for resolving sophisticated problems. Policies, standards, and security frameworks, NIST, CIS. Proven skills to author formal documentation. Understanding of security metrics to measure control operation and risk. The role holder works independently with minimal guidance and is encouraged to solve problems with sound judgement and in a way that is aligned to good practice and in the long-term interests LSEG. The role holder is likely to hold one or more of the following security or engineering/architecture specific certifications, CISSP, OSCP, TOGAF, GIAC or those relevant to the role/domain area. Good working experience in Design & Implementation of Qualys VMDR and Policy Compliance Module and provides 3rd level support for the Qualys Tool. Proven experience of control testing tooling Business and sector expertise Experience and knowledge of technology in financial services and/or regulated environments and industry compliance schemes (for example SWIFT) preferred. Must have experience of working in security focussed roles. Likely will have greater than 3 years full time in security roles as part of an overall career in technology of around 8 years focussed predominantly in the domain area for the role. Expected to have direct hands-on experience in some of the domain area technologies. Personal skills and capabilities Experience in advocating for and influencing change to reach the best outcome based on the needs of the organisation, partners and industry trends. Collaborating across the group to deliver successful sustainable outcomes for the group and its stakeholders. Takes ownership and commits to delivering balanced outcomes and resolving problems. Demonstrates a bias for action. Strong track record of delivering results without compromising on quality. Critical thinker takes in broad perspectives to assess and make decisions. Willingness and flexibility and to work across different technologies. Capability to quickly assimilate new concepts and technologies. Takes ownership of own career development and learning. Supports colleagues with less experience to help in their professional growth. Adapts messaging and presentation styles to meet the needs of different audiences. Is measured and considered in challenging and fast-paced situations. At LSEG, we believe that creating a diverse and inclusive organisation is fundamental to the way we deliver on our promise of creating essential partnerships and open opportunities. Our open culture is central to how we deliver our purpose - driving financial stability, empowering economies and enabling customers to create sustainable growth - in everything we do. Working with us means that you will be part of a dynamic organisation of 25,000 people across 70 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity. LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives. We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone\'s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants\' and employees\' religious practices and beliefs, as well as any mental health or physical disability needs. Please take a moment to read this carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it\'s used for, and how it\'s obtained, . If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.

foundit