Lead Engineer

The Cyber Security Engineering Privileged Access Management team are looking for an independent, pro-active, and aspiring individual who is committed to making a meaningful contribution as a Lead Engineer to lead in the design, implementation, and lifecycle management of enterprise-grade PAM solutions across multi-site and multi-cloud environments (AWS, Azure, GCP). You’ll serve as a technical authority for PAM, shaping standards, delivering sophisticated migrations, and ensuring privileged access is secure, auditable, and resilient.

Key Responsibilities

• Design and implement PAM capabilities (vaulting, session management/recording, credential rotation, least privilege, EPM/PRA) across on-prem and cloud workloads.
• Lead complex integrations with AD/EntraID, IdPs, SIEM/SOAR, CSPM, ITSM, DevOps tooling (CI/CD), and secrets management.
• Be responsible for the operational model: backup/recovery, DR, platform upgrades, policy hardening, performance tuning, and continuous improvement.
• Drive onboarding at scale ensuring standardized onboarding patterns and controls.
• Establish guardrails and RBAC/ABAC models aligned to Zero Trust and regulatory frameworks (ISO 27001, SOC 2, NIST 800-53/63).
• Define and maintain technical roadmaps, standards, and reference architectures; mentor engineers and review develop/runbooks.
• Lead security assessments, threat modeling, and control efficacy reviews; partner with risk/compliance and audit functions on evidence and remediation.
• Solve complex issues end-to-end, including proxy/connector components, high-availability clusters, and multi-region architectures.

Technical / job functional knowledge

• Consistent record implementing and operating PAM at scale in complex enterprises (multi-site, multi-cloud).
• Hands-on expertise with at least one of the top PAM vendors (e.g., CyberArk, Delinea, BeyondTrust, One Identity), including deployment, integration, and automation.
• Solid understanding of Windows/Linux administration, AD/EntraID, networking and database fundamentals (TLS/PKI, proxies, firewalls), and identity protocols (SAML/OIDC/OAuth).
• Automation proficiency (PowerShell, Python, REST APIs) and Infrastructure-as-Code (Terraform/CloudFormation) for repeatable deployments.
• Experience with SIEM (e.g., Splunk, Sentinel, QRadar) and SOAR integrations for session telemetry, alerts, and response.
• Proven leadership in defining standards, runbooks, and governance; excellent customer engagement and interpersonal skills.

Additional desired capabilities

• Experience with endpoint privilege management (Windows/macOS/Linux), JIT access, and Kubernetes/containers.
• Exposure to segmentation and network security (micro-segmentation, PAM proxies, bastion hosts).
• Relevant certifications (e.g., CyberArk Defender/Sentry, Azure/AWS Security, CISSP, CCSP).

Diversity & Inclusion

People are at the heart of what we do and drive the success of our business. Our colleagues thrive personally and professionally through our shared values of Integrity, Partnership, Innovation and Excellence which are at the core of our culture. We embrace diversity and actively seek to attract people with unique backgrounds and perspectives. We are always looking at ways to become more agile, so we meet the needs of our teams and customers. We believe that an inclusive collaborative workplace is pivotal to our success and supports the potential and growth of all colleagues at LSEG.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our culture of connecting, creating opportunity and delivering excellence shapes how we think, how we do things and how we help our people fulfil their potential.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law.