Senior Vulnerability Management Engineer

LSEG is seeking a Senior Vulnerability Management Engineer to join our internal offensive security team with focus on driving closure of penetration testing findings. This role bridges offensive security and engineering by translating penetration test results into clear, actionable remediation guidance and partnering with application and platform teams to implement secure fixes. The successful candidate has a strong penetration testing or application security background, hands on remediation experience, and the ability to coordinate multiple collaborators to reduce risk at scale. This is a highly technical, delivery focused role with responsibility for both individual findings and systemic improvements.

Key Responsibilities

• Analyze and review penetration test reports to understand technical impact, exploitability, and business risk.
• Develop, document and maintain remediation guidance, patterns, and blue-prints for common vulnerability types (e.g. injections, access control, auth, session management, misconfigurations).
• Provide consultation to application and platform teams on secure design and remediation approaches, including code-level, configuration-level and business-level recommendations.
• Coordinate remediation activities across multiple teams, ensuring, clear ownership, agreed timelines, and risk-based prioritization.
• Validate fixes by retesting vulnerabilities (manually and/or via tools/scripts) and updating the status of findings through closure.
• Manage and track the remediation backlog, including SLAs, aging finings, and critical issues when needed.
• Produce and maintain documentation on remediation processes, workflows, and controls for audit and compliance purposes.
• Prepare and deliver regular status reports and metrics on remediation progress, trends, and risk reduction to management and partners.
• Perform root cause analysis for recurring or systemic issues and work with engineering, architecture, and governance teams to implement long-term corrective actions.
• Contribute to continuous improvement of the pentest-to-remediation lifecycle, including automation, standardization and integration with SDLC/DevSecOps pipelines.
• Compile technical documents, track and document remediation metadata
  • Engagement details (who, what, when, where)
  • Testing team members and roles
  • Tools and methodologies used
  • Schedule and timelines
  • Target systems and environments
  • Constraints, exclusions, and limitations
  • Testing activities and event logs
• Contribute to team improvement efforts and ensure all initiatives and feedback are well documented for future references.
• Contribute to the continuous improvement of testing methodologies, tooling, automation.
• Stay ahead of with emerging threats, vulnerabilities, and offensive security techniques.
• Participate in R&D initiatives as guided from leadership.
• Support knowledge sharing and mentoring within the team.

Required Skills & Experience

• Proven hands-on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud-native based environments).
• Proficiency with tools such as Burp Suite, common command-line tools, and ability to write custom scripts when needed.
• Experience in automating pentesting tasks.
• Solid understanding of application security, network protocols, and operating systems.
• Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
• Solid understanding of common vulnerabilities and exposures (OWASP Top 10, SANS Top 25) and secure coding practices in at least on major language stack (e.g. Java/Springboot, .NET, JavaScript/Node, Python)
• Ability to write clear, technical reports and communicate findings and fixes to both technical and non-technical partners.
• Experience working in large, complex enterprise environments.
• Proficient communication skills in English, both written and verbal.
• Relevant certifications and engagement with the security community is a plus
• Threat Modelling experience is a plus.
• Proven track record of successfully managing and driving security engagements for various organizations with differing operational and technical profiles.
• Ability to identify, assess, and communicate technical and project risks to partners.
• Understanding project requirements and aligning work with agreed upon objectives and timelines.

Join us and be part of a team that values innovation, quality, and continuous improvement. If you're ready to take your career to the next level and make a significant impact, we'd love to hear from you.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

You will be part of a collaborative and creative culture where we encourage new ideas. We are committed to sustainability across our global business and we are proud to partner with our customers to help them meet their sustainability objectives. Our charity, the LSEG Foundation provides charitable grants to community groups that help people access economic opportunities and build a secure future with financial independence. Colleagues can get involved through fundraising and volunteering.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.