Senior Penetration Tester

Senior Penetration Tester

LSEG is seeking a senior penetration tester to join our internal offensive security team. This role is hands‑on and deeply technical, responsible for planning and driving penetration tests across a wide range of systems and applications. The successful candidate will be a skilled offensive security professional with a passion for uncovering vulnerabilities and improving security posture through thorough testing and teamwork.

Key Responsibilities

Conduct in‑depth penetration tests on applications, infrastructure, and cloud environments.

Take full ownership of assigned penetration testing engagements end‑to‑end and deliver with limited oversight.

Compile technical scoping documents, track and document assessment metadata.

Define engagement details (who, what, when, where).

Identify testing team members and roles.

Specify tools and methodologies used.

Schedule and timelines.

Target systems and environments.

Constraints, exclusions, and limitations.

Testing activities and event logs.

Document findings clearly and concisely, providing actionable remediation guidance.

Collaborate with application teams to scope, perform, and report on security assessments.

Contribute to team improvement efforts and ensure all initiatives and feedback are well documented for future reference.

Contribute to the continuous improvement of testing methodologies, tooling, automation.

Stay ahead of emerging threats, vulnerabilities, and offensive security techniques.

Participate in R&D initiatives as guided from leadership.

Support educational sessions and mentoring within the team.

Develop and maintain custom tools, scripts, and exploits to support testing activities.

Required Skills & Experience

Proven hands‑on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud‑native based environments).

Proficiency with tools such as Burp Suite, common command‑line tools, and ability to write custom scripts when needed.

Experience in automating pentesting tasks.

Solid understanding of application security, network protocols, and operating systems.

Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).

Ability to write clear, technical reports and communicate findings to both technical and non‑technical customers.

Proficient interpersonal skills in English, both written and verbal.

Relevant certifications and engagement with the security community is a plus.

Threat Modelling experience is a plus.

Proven track record of successfully managing and driving security engagements for various organizations with differing operational and technical profiles.

Ability to identify, assess, and communicate technical and project risks to partners.

Understanding project requirements and aligning results with agreed upon objectives and timelines.