Senior Security Analyst

Role Purpose

The Cyber Security Engineering Vulnerability & Threat Management (VTM) team at LSEG is seeking an independent, pro-active, and aspiring individual committed to making a meaningful contribution as a VTM Analyst. This role plays a supporting part, leveraging technical experience to enhance VTM solutions aligned with business requirements. The team is integral to the Cyber Security Engineering function, developing cyber defence capabilities to protect LSEG from threats impacting confidentiality, integrity, and availability.

Key Responsibilities

• Contribute to domain strategies and architectures, leading engineering and associated artefacts across Vulnerability and Threat management.
• Ensure controls related to the domain area remain effective.
• Lead and deliver smaller scale projects or discrete workstreams within larger cyber programmes and initiatives.
• Manage and deliver necessary changes to controls outside of project activity.
• Develop key indicators, analysis, and artefacts to continually evidence and report control effectiveness and risk for the group.
• Provide critical issue support for operational incidents from operations or the global security operations centre for related domain technologies.
• Accountable for ongoing activities and objectives within the domain area.
• Solve complex problems related to the domain area.
• Remain current with principles, concepts, and emerging technologies relevant to the role.
• Influence vendor roadmaps and functionality to support LSEG objectives.

Leadership Responsibilities

This is an individual contributor role with no direct FTE headcount. May manage contingent and vendor/partner resources for deliveries.

Critical Work & Key Performance Indicators

• Delivery of activities aligned with agreed cyber security strategies. Shapes project delivery with project management and the senior manager of the domain area.
• Delivery of key artefacts supporting evidencing and assurance activities.
• Ongoing control operation, effectiveness, and evidencing.
• Reporting, development, and management of agreed measures, key performance indicators (KPIs), and key risk indicators (KRIs).
• Delivery of projects and BAU activities within agreed timescales and required standards.
• Ensuring identified issues are fixed, remain fixed, and are non-recurring.
• Key artefacts for performed activities are accurate and meet required standards.
• Agreed measures for controls owned by the role, such as KRIs, are delivered and managed.

Technical / Job Functional Knowledge

• Knowledge and experience in engineering and operation of vulnerability and threat management technologies and their integration with relevant platforms (competent level).
• Knowledge of different operating systems, platforms, and applications relevant to the domain area (proficient level).
• Experience in engineering layered control capabilities.
• Understanding of information security principles and standard methodologies.
• Good understanding of Adversary Tools, Techniques and Procedures (TTP’s).
• Knowledge in domain area and basic knowledge across non-core domain areas.
• Experience with modern engineering practices, automation for efficiencies, Infrastructure as Code, and scripting for practical tasks and tool integrations.
• Structured and methodical problem-solving practices for complex issues.
• Familiarity with policies, standards, and security frameworks like NIST and CIS. Strong skills in authoring formal documentation.
• Understanding of security metrics to measure control operation and risk.
• The position holder works independently with minimal guidance, solving problems with sound judgement aligned with good practice and LSEG's long-term interests.
• Likely to hold one or more security or engineering/architecture specific certifications: CISSP, OSCP, TOGAF, GIAC, or other relevant qualifications.

Leadership And Management Experience

Experience in advocating for and inspiring change to achieve optimal outcomes based on organisational needs, customer requirements, and industry trends.

Personal Skills And Capabilities

• Collaborating across the group to deliver successful, balanced outcomes for LSEG and its partners.
• Taking ownership and committing to delivering sustainable outcomes and resolving problems.
• Demonstrating a bias for action.
• Consistent track record of delivering results without compromising on quality.
• Critical thinker taking broad perspectives to assess and make decisions.
• Willingness and flexibility to work across different technologies.
• Capability to quickly assimilate new concepts and technologies.
• Taking ownership of own career development and learning.
• Supporting less experienced colleagues in their professional growth.
• Adapting messaging and presentation styles to the audience's requirements.
• Being measured and considered in complicated and fast-paced situations.

Key skills/competency

• Vulnerability Management
• Threat Management
• Cyber Security Engineering
• Risk Management
• Security Frameworks (NIST, CIS)
• Automation & Scripting
• Incident Response
• Cloud Security
• Information Security Principles
• Adversary TTPs