Senior Pen Tester (Engineering & Vulnerability Management)

LSEG is seeking a Senior Vulnerability Management Engineer to join our internal offensive security team with focus on driving closure of penetration testing findings. This role bridges offensive security and engineering by translating penetration test results into clear, actionable remediation guidance and partnering with application and platform teams to implement secure fixes. The successful candidate has a strong penetration testing or application security background, hands-on remediation experience, and the ability to coordinate multiple collaborators to reduce risk at scale. This is a highly technical, delivery-focused role with responsibility for both individual findings and systemic improvements.

Key Responsibilities

• Analyze and review penetration test reports to understand technical impact, exploitability, and business risk.
• Develop, document and maintain remediation guidance, patterns, and blueprints for common vulnerability types (e.g. injections, access control, auth, session management, misconfigurations).
• Provide consultation to application and platform teams on secure design and remediation approaches, including code-level, configuration-level and business-level recommendations.
• Coordinate remediation activities across multiple teams, ensuring clear ownership, agreed timelines, and risk-based prioritization.
• Validate fixes by retesting vulnerabilities (manually and/or via tools/scripts) and updating the status of findings through closure.
• Manage and track the remediation backlog, including SLAs, aging findings, and critical issues when needed.
• Produce and maintain documentation on remediation processes, workflows, and controls for audit and compliance purposes.
• Prepare and deliver regular status reports and metrics on remediation progress, trends, and risk reduction to management and partners.
• Perform root cause analysis for recurring or systemic issues and work with engineering, architecture, and governance teams to implement long-term corrective actions.
• Contribute to continuous improvement of the pentest-to-remediation lifecycle, including automation, standardization and integration with SDLC/DevSecOps pipelines.
• Compile technical documents, track and document remediation metadata.
• Contribute to team improvement efforts and ensure all initiatives and feedback are well documented for future references.
• Contribute to the continuous improvement of testing methodologies, tooling, automation.
• Stay ahead of emerging threats, vulnerabilities, and offensive security techniques.
• Participate in R&D initiatives as guided from leadership.
• Support knowledge sharing and mentoring within the team.

Required Skills & Experience

• Proven hands-on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud-native based environments).
• Proficiency with tools such as Burp Suite, common command-line tools, and ability to write custom scripts when needed.
• Experience in automating pentesting tasks.
• Solid understanding of application security, network protocols, and operating systems.
• Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
• Solid understanding of common vulnerabilities and exposures (OWASP Top 10, SANS Top 25) and secure coding practices in at least one major language stack (e.g. Java/Springboot, .NET, JavaScript/Node, Python).
• Ability to write clear, technical reports and communicate findings and fixes to both technical and non-technical partners.
• Experience working in large, complex enterprise environments.
• Proficient communication skills in English, both written and verbal.
• Relevant certifications and engagement with the security community is a plus.
• Threat Modelling experience is a plus.
• Proven track record of successfully managing and driving security engagements for various organizations with differing operational and technical profiles.
• Ability to identify, assess, and communicate technical and project risks to partners.
• Understanding project requirements and aligning work with agreed upon objectives and timelines.

Career Stage: Senior Associate

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth. Our culture of connecting, creating opportunity and delivering excellence shapes how we think, how we do things and how we help our people fulfil their potential.