Senior Cyber Security Specialist - London Stock Exchange Group

Role Purpose

This is an exciting role i n the expanding Security Architecture team at LSEG. The Architecture team reports into the Group CISO.

This role is to join the team as a Senior Security Specialist – with a view to strengthening and building out our assurance processes as we move from a traditional on-prem operation, into the virtual, software defined and cloud paradigm.

Security Architecture Review team is responsible for reviewing the security posture of new systems alongside the Principal Security Architects; Reviewing firewall rule changes in both BAU and strategic initiatives

Successful candidate will be part of Security Architecture Review team to define the role's goals, processes and deliverable, support our strategy to Shift Left and enable the business to achieve its goals in agility and innovation.

Role Responsibilities

• Undertake security Architecture reviews and work with technical architecture to ensure security is built into active development project's design
• Proven ability to assess and approve firewall rule changes in line with security architecture, secure design patterns and compliance standards.
• Undertake reviewing rule sets in platforms like standard, Next generation and virtualization firewalls, be able to design and operate firewall change control processes with audit traceability.
• Experience designing secure connectivity patterns that align with architectural principles, standards and policies.
• Validate that firewall rules align with approved network segmentation models and security zoning policies.
• Drawing on technical experience and knowledge to assure that technical implementations match approved architectures
• Attend the Security Architecture Design Forum as needed
• Experience line managing a small team and leading from the front
• Operates metrics and monitoring to report the effectiveness and efficiency of the Security Architecture function.
• Analysing legacy systems to identify key architectural risks, and recommending improvements
• Work with stakeholders inside and outside the CyberSecurity function to operationalise existing cyber security processes, methodologies and best practices
• Produce Knowledge Transfer material related to the team's processes
• Oversees reports and analysis produced by Analysts, offering guidance where necessary and ensuring adherence to applicable Information Security control frameworks and polices.
• Evangelise Security Architecture as an enabler as opposed to a blocking point

Minimum Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems, or a related technical field is required; a Master's degree is a plus
• Understanding of the latest security principles, techniques and protocols
• Critical thinker, problem solving skills, line management, ability to work under pressure and self-starter
• Deep understanding of common as well as emerging vulnerabilities and how they manifest in different types of applications (web applications, thick clients, APIs, etc)
• Good understanding of Azure and AWS
• Familiarity with OWASP Top 10, SANS Top 25, NIST / CSC, CIS etc.
• Proven ability to influence; Good verbal and written communication skills, with strengths in communicating security concepts to non-security minded technical audiences
• Fast learner – Willing to expand skillset and rapidly understand new technologies
• Practical application of lessons learned into the team's practices

Beneficial Skills. Experience and certifications

• Security industry specific technical accreditations such as GIAC, advanced degrees in Security or other certifications demonstrating core technical skills
• Previous experience in finance industry / financial markets infrastructure and / or technology sector
• Experience reviewing rule sets in platforms like standard, Next generation and virtualization firewalls
• Experience designing and operating firewall change control processes with audit traceability.
• Experience designing secure connectivity patterns that align with architectural principles, standards and policies.
• Familiarity with cloud-native firewall services (e.g., Azure Firewall, AWS Network Firewall).
• Understanding of how firewall rules support or violate architectural principles and approved patterns (e.g., least privilege, zero trust).
• Experience using firewall management and review tools (e.g., Tufin, FireMon, AlgoSec).
• Good understanding in some of the below areas:
  • Familiarity with modern development methodologies – Agile, DevOps and SecDevOps
  • Knowledge of modern authentication systems / IAM
  • Understanding of data security / cryptography / PKI
  • Security in IaaS, PaaS and SaaS
  • Security in mobile computing
  • Network segregation in physical and virtualised environments
  • Working knowledge of at least one programming language
  • Detailed technical knowledge of database and operating system security
  • Hands on experience in security systems, including firewalls, intrusion detection systems, anti-virus software authentication systems, log management and content filtering
  • Ability to deliver hands on training sessions

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership , Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it's used for, and how it's obtained, your rights and how to contact us as a data subject .

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.