Senior Penetration Tester

LSEG is seeking a Senior Penetration Tester to join our internal offensive security team. This role is hands-on and deeply technical, responsible for planning and driving penetration tests across a wide range of systems and applications. The successful candidate will be a skilled offensive security professional with a passion for uncovering vulnerabilities and improving security posture through thorough testing and teamwork.

• Conduct in-depth penetration tests on applications, infrastructure, and cloud environments.
• Take full ownership of assigned penetration testing engagements end-to-end and deliver with limited oversight.
• Compile technical scoping documents, track and document assessment metadata.
• Document engagement details (who, what, when, where) and testing activity logs.
• Define testing team roles, tools, methodologies, schedules, and target systems/environments.
• Identify constraints, exclusions, and limitations affecting engagements.
• Document findings clearly and concisely, providing actionable remediation guidance.
• Collaborate with application teams to scope, perform, and report on security assessments.
• Contribute to team improvements and ensure initiatives and feedback are well documented for future references.
• Contribute to the continuous improvement of testing methodologies, tooling, and automation.
• Stay ahead of emerging threats, vulnerabilities, and offensive security techniques.
• Participate in R&D initiatives as guided by leadership.
• Support educational sessions and mentoring within the team.
• Develop and maintain custom tools, scripts, and exploits to support testing activities.

• Proven hands-on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud-native based environments).
• Proficiency with tools such as Burp Suite, common command-line tools, and ability to write custom scripts when needed.
• Experience in automating pentesting tasks.
• Solid understanding of application security, network protocols, and operating systems.
• Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
• Ability to write clear, technical reports and communicate findings to both technical and non-technical customers.
• Experience working in large, sophisticated enterprise environments.
• Proficient interpersonal skills in English, both written and verbal.
• Relevant certifications and engagement with the security community is a plus.
• Threat Modelling experience is a plus.
• Proven track record of successfully managing and driving security engagements for various organizations with differing operational and technical profiles.
• Ability to identify, assess, and communicate technical and project risks to partners.
• Understanding project requirements and aligning results with agreed upon objectives and timelines.

London Stock Exchange Group plc

Website: https://londonstockexchange.com

LSEG is one of the world’s leading providers of financial markets infrastructure and delivers financial data, analytics, news and index products to 44,000+ customers in over 170 countries. We help organisations fund innovation, manage risk and create jobs by partnering with customers at every point in the trade lifecycle: from informing their pre-trade decisions and executing trades to raising capital, clearing and optimisation. Backed by more than three centuries of experience, innovative technologies and a team of over 26,000 people in 65 countries, we are driving financial stability, empowering economies and enabling you to grow sustainably.