Senior Security Specialist
ABOUT US:LSEG (London Stock Exchange Group) is more than a diversified global financial markets infrastructure and data business. We are dedicated, open-access partners with a dedication to excellence in delivering the services our customers expect from us. With extensive experience, deep knowledge and worldwide presence across financial markets, we enable businesses and economies around the world to fund innovation, manage risk and create jobs. It’s how we’ve contributed to supporting the financial stability and growth of communities and economies globally for more than 300 years. Through a comprehensive suite of trusted financial market infrastructure services – and our open-access model – we provide the flexibility, stability and trust that enable our customers to pursue their ambitions with confidence and clarity.LSEG is headquartered in the United Kingdom, with significant operations in 70 countries across EMEA, North America, Latin America and Asia Pacific. We employ 25,000 people globally, more than half located in Asia Pacific. LSEG’s ticker symbol is LSEG.OUR PEOPLE:People are at the heart of what we do and drive the success of our business. Our culture of connecting, creating opportunity and delivering excellence shape how we think, how we do things and how we help our people fulfil their potential. We embrace diversity and actively seek to attract individuals with unique backgrounds and perspectives. We break down barriers and encourage collaboration, enabling innovation and rapid development of solutions that make a difference. Our workplace generates an enriching and rewarding experience for our people and customers alike. Our vision is to build an inclusive culture in which everyone feels encouraged to fulfil their potential.We know that real personal growth cannot be achieved by simply climbing a career ladder – which is why we encourage and enable a wealth of avenues and interesting opportunities for everyone to broaden and deepen their skills and expertise. As a global organisation spanning 70 countries and one rooted in a culture of growth, opportunity, diversity and innovation, LSEG is a place where everyone can grow, develop and fulfil your potential with meaningful careers.Job ProfilePlan and execute security testing operations across the enterprise. The successful candidate will work closely with Business partners, BISOs, GSOC, and other entities to ensure we effectively test Group’s established security program and identify potential gaps around our people, process, and technology.Responsibilities
- Plan, lead and execute offensive security engagements where you assume the role of a threat actor during tests, attack simulations, training and exercises
- Employ simulated adversary threat-based approaches to expose and exploit vulnerabilities and weaknesses to improve the security of both our products and technology landscape
- Replicate tactics, techniques and procedures used by modern attackers, common network exploitation and penetration techniques as well as common software exploitation techniques
- Develop attack plans to meet the specified objectives and coordinate with other Red Team Operators and 3rd Party vendors to achieve these goals
- Provide constructive feedback to the defenders and product teams on their successes and failures
- Develop, modify and extend tools/exploits that assist with execution of security assessments, including custom tools and automation.
- Establish credibility as a trusted advisor to stakeholders including customers, executives, peers, and employees
- Stay current with sophisticated attacks and apply them during red team activities
- Help defensive teams and product teams understand how to detect and/or stop cyber-attacks via purple teaming exercises, CTF demonstrations, etc.
- Become part of a team of security enthusiasts that perform ground breaking research and promote an environment of innovation and knowledge-sharing
- This is an individual contributor role, but may need to supervise those at an earlier career stage and 3rd party v Reports are produced security testing engagements.
- Effectively report analysis and findings in the most accessible way (written reports, Jira, tickets, presentations etc).
- Maintain and develop security testing processes and related artefacts.
- Bachelor's Degree in Information Systems / Technology, Computer Science / Engineering or equivalent field of study or a minimum of 5 years of cyber security experience
- Demonstrable experience in Red Teaming and Penetration Testing
- Minimum 3 years of deep, hands-on, technical security experience with at least one of: multiple security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP among others, Web Applications and Services, Cryptography, Social Engineering and Open Source Intelligence Gathering (OSINT), Mobile platforms, Software Security, malware reverse engineering
- Deep technical understanding of enterprise operating system environments, Active Directory and networking
- Solid understanding of security vulnerabilities and common software engineering flaws
- Familiarity with popular scripting languages and ability to automate simple tasks.
- Familiarity with CND-based analytical models (Kill Chain, ATT&CK, etc.)
- One or more of the following security certifications OSCP, OSCE, OSEE, OSWE, CREST, GXPEN preferred
- Experience working with Financial Services and Critical Infrastructure
- Strong verbal & written communication skills & presentation skills
- Ability to work in a fast-paced environment.
- Problem solver and barrier breaker