Principal Security Analyst

Vulnerability Management: In-depth knowledge of vulnerability management, the vulnerability life cycle stages

Technical Remediation: Through understanding of remediation concepts/frameworks pertaining to vulnerabilities

Vulnerability Exception: Solid grasp of vulnerability exception processes, exception assessment processes, and compensating security controls.

Partner Engagement: Excellent partner leadership skills working with various levels of management/non-management colleagues within technology and business departments within LSEG.

Roadmap Development: Provide input, prepare, and update the VM roadmap. Develop, maintain, and publish project plans and operation schedules.

Reporting: Provide status reports to Cyber Security leadership on VM metrics, key risk indicators, trends, and compliance.

Solution Proposals: Propose VM concepts and solutions, prepare presentations, and coordinate vendor demonstrations.

Standard Operating Procedures (SOPs): Create and maintain SOPs for VM, providing technical knowledge to operations and production support teams.

Configuration Control: Maintain configuration control of VM hardware, systems, and application software. Coordinate upgrades and maintenance activities on VM tools.

Collaboration: Work closely with Vulnerability Assessment & Pen Testing teams to analyse results and threat feeds, reacting appropriately to security weaknesses or vulnerabilities.

Technical Documentation: Prepare and maintain user documentation of the VM programme, including requirements, architecture designs, network topology, applications, and application security designs.

Policy Collaboration: Collaborate on Information Security policies, standards, and baselines, contributing to compliance measurement efforts.

Governance Reporting: Collaborate on and provide VM results and metrics for consistent reporting for governance purposes. Coordinate remediation plans and activities.

Planning: Help develop a long-term VM strategy (3-5 years) addressing global information security needs, identifying current state, gaps, and opportunities.

Mentorship: Mentor and guide junior analysts, providing technical leadership and encouraging a culture of continuous learning and improvement.

Advanced Knowledge: Deep understanding of VM tools and technologies, including but not limited to Nessus, Qualys, and Rapid7.

Cloud Security: Extensive experience with cloud security platforms (e.g., AWS, Azure, Google Cloud) and their security configurations.

Pen Testing: Proficient in penetration testing methodologies and tools such as Metasploit, Burp Suite, and OWASP ZAP.

Security Patching: Expertise in security patching processes and tools, including WSUS, SCCM, and automated patch management solutions.

Scripting and Automation: Solid skills in scripting languages (e.g., Python, PowerShell) for automation of security tasks and processes.

Network Security: In-depth knowledge of network security principles, including firewalls, IDS/IPS, and network segmentation.

Compliance: Familiarity with regulatory compliance requirements (e.g., GDPR, HIPAA) and industry standards (e.g., ISO 27001, NIST)., * Bachelor’s degree in Computer Science, Information Security, or a related field.

5 years of experience in cybersecurity, with a focus on vulnerability management and cloud security.

Relevant certifications such as CISSP, CISM, or CEH.

Excellent analytical and problem-solving skills.

Good communication and presentation skills.

Ability to work closely with multi-functional teams., * Experience with advanced threat detection and response tools.

Knowledge of secure software development practices and DevSecOps or equivalent experience.

Experience in mentoring and developing junior team members.