Principal Security Engineer

Company : London Stock Exchange

Job Type : Full Time

London, South East England

Number of Applicants

:

000+

Fast Apply

Job Description - Principal Security Engineer

Role Purpose

Developing cyber defence capabilities to protect LSEG from cyber threats that impact the confidentiality, integrity, and availability of group assets. Domain area is Vulnerability & Threat Management.

Reports to Senior Manager, Vulnerability & Threat Management

No direct FTE reports, but may handle contingents and vendor/partner resources.

Location / flexible working - London and t his role will have some elements of paid on-call.

Key relationships & committees

Stakeholders include the wider security team including security architecture, cyber strategy business function, governance, risk and compliance, global security operations centre. Programme management. Entity level Business Information Security Officers (BISOs). Infrastructure & Cloud operations, engineering and architectures teams. Internal risk and audit functions. Architecture and corporate approval forums. External collaborators partners/vendors, regulators and industry schemes.

Key R-----esponsibilities

Develop and be responsible for the strategies, architectures, designs, and associated artefacts. Technologies have clear roadmaps and lifecycles defined.
Lead the controls and ensure they remain effective through their lifecycle.
Lead projects, some with significant risk profile as part of the cyber programme and other initiatives which are sophisticated and span the group and require a broad perspective in solving challenges.
Run and deliver changes to controls which are not part of project activity.
Develop key indicators, analysis, and artefacts to continually evidence and report control effectiveness and risk.
Critical issue support for any operational incident from operations or global security operations centre.
Solve sophisticated problems related to the domain area.
Remain current with principles, concepts and new technologies.
Influence vendor roadmaps and functionality in support of LSEG objectives.

Critical work

Delivery of activities against of agreed cyber security strategies. Shapes project delivery with the project management team and the senior manager.
Delivery of key artefacts associated with the role, artefacts support evidencing and assurance activities.
Ongoing control operation and effectiveness and evidencing of such.
Reporting, development and management of agreed measures, key performance indicators and key risk indicators.

Impact

As a group level function the role has impact across all parts of the business as it has responsibility for the relevant group security controls which seek to mitigate the risk and impact to the group from cyber-attacks. Impacts include financial, economic, regulatory, customer and brand.

The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience.

Key Critical Metrics

Delivery of projects and BAU activities within agreed timescales to the required standard.
Issues that are identified are fixed and remain fixed and are not recurring.
Key artefacts for the activities performed exist, are accurate and of required standard.
Agreed measures related to controls owned by the role, for example Key Risk Indicators, are delivered and handled.

Technical / Job Functional Knowledge

Knowledge and experience of the architecture, engineering and operation of vulnerability and threat management technology. Discovery and classification of vulnerabilities across systems and platforms. Guidance & assurance aspects of remediation. Level of knowledge in the domain technology area would be considered an expert.
Knowledge and experience of different operating systems and platforms, which includes assurance of security configuration parameters and the depth of knowledge is an authority.
Architecture and engineering of layered control capabilities to a specialist level.
A solid grasp of information security principles and standard methodologies.
Adversary Tools, Techniques and Procedures. A deep understanding of TTP's is required.
Threat Modelling experience.
Broad technology knowledge across non-core domain area.
Modern engineering practices, automation to drive efficiencies. Infrastructure as Code mentality. Code / scripting for practical tasks and tool integrations.
Structured and methodical problem solving practices for resolving the most sophisticated problems.
Policies, standards and security frameworks, NIST, CIS. Solid skills to author formal documentation.
Risk and control, management, monitoring and reporting.
Works independently and with guidance only in the most complicated of situations, and is encouraged to tackle problems with sound judgement that is aligned to good practice with the long-term interests at its heart!
The role holder is likely to hold one or more of the following security or engineering/architecture specific certifications, CISSP, OSCP, TOGAF, GIAC or those relevant.

Business and sector expertise

Experience and knowledge of technology in financial services and/or regulated environments and industry compliance schemes (for example SWIFT) preferred.

Must have significant experience of working in security focussed roles. Likely will have greater than 5 years full time in security roles in part of an overall career in technology with more than 10 years focussed predominantly in the associated area. Expected to have direct hands-on experience in some of relevant technologies.

Personal skills and capabilities

Collaborating across the group to deliver successful sustainable outcomes for the business and its customers.
Takes ownership and commits to delivering sustainable outcomes and resolving problems and demonstrates a bias for action.
Proven track record of delivering results without compromising on quality.
Critical thinker, takes in broad perspectives to assess and make decisions.
Willingness and flexibility and to work across different technologies.
Capability to quickly assimilate new concepts and technologies.
Takes ownership of own career development and learning.
Delivering feedback in a way useful for an individual and a team for growth.
Adapts messaging and presentation styles for different audiences.
Is measured and considered in exciting and fast paced situations.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and e

Original job Principal Security Engineer posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.

Fast Apply