Senior Network Security Specialist in London

Shift Pattern: Standard 40 Hour Week (United Kingdom)

Scheduled Weekly Hours: 40

Corporate Grade: D - Assistant Vice President

Reporting Line: (UK Division) Information Technology

Location: UK-London

Worker Type: Permanent

About the London Metal Exchange: The London Metal Exchange (LME) is the world centre for industrial metals trading. Most of the world’s global non-ferrous futures business is conducted on the LME’s three trading platforms totalling $21 trillion, 191 million lots and 4 billion tonnes notional with a market open interest high of 2.1 million lots in 2025. The metals community uses the LME, an HKEX Group company, as a venue to transfer or take on price risk, as a physical market of last resort and as the provider of transparent global reference prices.

Overall Purpose of Role: As a Senior Network Security Specialist, you will design, implement and govern the network security controls that protect our modern, high‐performance enterprise network. You will take a hands‐on lead role in shaping the network security roadmap, defining policies and standards and driving the adoption of Zero Trust and micro‐segmentation across the Connectivity Engineering Team. You will collaborate closely with Information Security, Platform, Infrastructure and Application teams to ensure security is embedded by design. Your expertise will be applied across on‐premises, cloud, and containerised environments, ensuring consistent and robust protection across all connectivity layers. You will also support the organisation’s LAN, WAN, Campus and Data Centre network services, ensuring reliability, resilience, and high performance. You will maintain and develop core network standards across related systems, coordinate network activities across multiple technology projects, contribute deep technical expertise and produce both high‐ and low‐level designs. As a subject matter expert, you will also provide 3rd‐line escalation support when required. This role reports directly to the Network Manager and may include participation in an on‐call rota, as well as occasional evening and weekend work. TOIL or overtime compensation will be available.

Responsibilities:

• Design, implement, and maintain enterprise network security controls including firewalls, proxies and secure access services aligned to business and regulatory requirements.
• Act as the technical authority for Fortinet, Palo Alto Networks and Zscaler platforms.
• Ensure security policies are consistently enforced across data centre, campus, cloud and hybrid environments.
• Lead complex troubleshooting of network security issues, balancing security, performance and availability.
• Own and define the network security roadmap, aligned with wider technology and security strategies.
• Design and evolve Zero Trust network architectures, including identity-aware access and least-privilege principles.
• Define and implement micro-segmentation strategies for traditional and containerised workloads.
• Provide design input into new initiatives (cloud adoption, Kubernetes/OpenShift, automation, AI platforms).
• Evaluate new security technologies and patterns, producing clear recommendations and design artefacts.
• Develop and maintain network security standards, patterns and policy definitions.
• Ensure adherence to security policies through design reviews, operational controls and continuous improvement.
• Partner with Information Security to translate policy into enforceable technical controls.
• Support audits, risk assessments and regulatory obligations by providing clear evidence of control implementation.
• Act as a senior technical leader within the Network Team, mentoring engineers and setting best practice.
• Work closely with Infrastructure, Platform, and Application teams to embed security by design.
• Provide subject-matter expertise to project teams and senior stakeholders.

Desired Academic and Professional Qualifications: The ideal candidate will have experience working within an ITIL‐governed environment and established infrastructure support frameworks. They will hold a bachelor’s degree in Computer Science, Information Technology, or a related discipline, or possess an equivalent combination of education, technical training, and practical experience. Relevant industry certifications (e.g. PCNSE, NSE, CCNP Security, or CISSP) or substantial real‐world application are expected, while ITIL and/or PMI certification is considered an advantage.

Required Knowledge and Level of Experience:

• Experience defining and implementing network segmentation and micro‐segmentation strategies.
• Strong understanding of Zero Trust networking principles and identity‐aware access controls.
• Strong experience designing, implementing and optimising firewall and proxy security policies.
• Deep hands-on experience with:

• Palo Alto Networks (PAN‐OS, Panorama, policy design)
• Fortinet (FortiGate, FortiManager, FortiAnalyzer)
• Zscaler (ZIA, ZPA, Zero Trust Exchange)

• TCP/IP, BGP, OSPF, VLANs, VRF, VPN, VXLAN, NAT, ACLs, DNS.

Skills and Competencies:

• Ability to translate high‐level security policies into practical, scalable technical designs.
• Strong analytical and diagnostic skills for assessing complex network and security environments.
• Competence in designing and optimising security architectures, network policies and segmentation models.
• Ability to work across hybrid and distributed environments (on‐prem, cloud, container platforms).
• Strong capability to apply automation and IaC concepts to enhance security controls and operational efficiency.
• Ability to collaborate with cross-functional teams in highly regulated, high‐availability environments.
• Methodical, working approach aligned to ITILv3 best practices with proven ability to implement processes.
• Willingness to challenge existing approaches and drive change.
• Comfortable working under pressure, with changing priorities.
• A strong delivery mindset, setting and achieving realistic and timely execution of project deliverables across the portfolio.

Core Functional Responsibilities of an AVP: Day-to-day focus is on resolution of complex problems or transactions, where expertise is required to interpret against policies, guidelines or processes. Role at this level usually has full ownership for one or more processes, reports, procedures or products, and may also be considered analytical or procedural experts representing a unit or team on cross-function process or project deliverables.

Experience Criteria of an AVP: Roles at this level typically require an individual emerging as an expert in a specific skill set, business area or product who remains focused primarily on daily execution.

Hong Kong Exchanges and Clearing Limited (HKEX) is a publicly-traded company (HKEX Stock Code:388) and one of the world’s leading global exchange groups, offering a range of equity, derivative, commodity, fixed income and other financial markets, products and services, including the London Metals Exchange. As a superconnector and gateway between East and West, HKEX facilitates the two-way flow of capital, ideas and dialogue between China and the rest of the world.