Vulnerability Management Engineer

LSEG is seeking a deeply technical, hands-on Infrastructure Vulnerability Management Engineer who is passionate about safeguarding complex environments and tackling challenging problems at scale. You will be responsible for identifying, analysing, and driving remediation of infrastructure vulnerabilities across our diverse estate.

Combining a hacker’s mindset with an engineer’s discipline, you’ll understand how vulnerabilities are exploited, how to detect and mitigate them, and how to design scalable, sustainable fixes. You will work closely with application, infrastructure, and governance teams to enhance our overall security posture and continuously improve our vulnerability management programme.

Who You Are

You are a curious and motivated problem-solver who thrives on technical depth and continuous learning. You enjoy delving into vulnerabilities, understanding how they function, and finding the most effective and scalable solutions. You take pride in making a measurable impact on real-world security, not just scanning and reporting.

You are collaborative, data-driven, and pragmatic, able to balance security rigour with engineering realities. Above all, you bring intellectual curiosity and drive to learn and adapt in an ever-evolving landscape.

Key Responsibilities

Core Capabilities & Remediation

• Perform in-depth technical analysis and validation of infrastructure vulnerabilities, assessing risk, exploitability, and the potential business impact.
• Develop, document, and deliver technical remediation guidance and solutions to enable application and infrastructure teams to remediate efficiently and consistently.
• Collaborate with engineering and platform teams to vulnerability mitigation into systemic solutions like infrastructure as code (IaC) and automation pipelines.

Analysis, Consultation & Coordination

• Analyse and review vulnerability findings from tools that identify infrastructure vulnerabilities; verify accuracy, identify and validate false positives, and identify systemic patterns.
• Act as a trusted consultant to application and infrastructure teams by explaining findings, prioritising fixes, and supporting technical remediation plans.
• Coordinate remediation activities across multiple teams, ensuring timely closure of high-risk vulnerabilities.
• Manage and track the remediation backlog, maintaining focus on risk reduction and measurable progress.

Governance, Metrics & Continuous Improvement

• Report on vulnerability metrics and remediation status, collaborating closely with the Vulnerability Management Governance function.
• Review and approve exceptions or false-positive requests, balancing risk tolerance with operational realities.
• Perform root cause analysis on recurring or systemic vulnerability issues, driving long-term prevention strategies.
• Tune and optimise identification tools (e.g., Qualys) to enhance accuracy, signal-to-noise ratio, and detection coverage.

Required Skills & Experience

• Strong technical background in systems and infrastructure (Linux/Windows servers, networking, virtualisation, cloud platforms).
• Deep understanding of infrastructure vulnerabilities, their root causes, exploitation techniques, and mitigation strategies.
• Hands-on experience with vulnerability management tools such as Qualys or similar platforms
• Familiarity with patch management, secure configuration standards (CIS, NIST, ISO 27001), and change management processes.
• Ability to develop scripts or automation (Python, PowerShell, Bash) to support data analysis and remediation workflows.
• Strong analytical mindset: able to interpret scan data, prioritise based on risk, and communicate actionable insights to both technical and non-technical audiences.
• Proven experience collaborating in cross-functional environments with security, DevOps, and infrastructure teams.

Career Stage:

London Stock Exchange Group (LSEG) Information:

Join us and be part of a team that values innovation, quality, and continuous improvement. If you're ready to take your career to the next level and make a significant impact, we'd love to hear from you.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

You will be part of a collaborative and creative culture where we encourage new ideas. We are committed to sustainability across our global business and we are proud to partner with our customers to help them meet their sustainability objectives. Our charity, the LSEG Foundation provides charitable grants to community groups that help people access economic opportunities and build a secure future with financial independence. Colleagues can get involved through fundraising and volunteering.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.