Senior Security Engineer

Developing cyber defense capabilities to protect the group from cyber threats which seek to impact the confidentiality, integrity and availability of group assets. Domain area is Network Security.

Reports to

Senior Manager, Network Security

Direct reports

May run contingents and vendor/partner resources in their deliveries.

Key relationships & committees

Collaborators include the wider security team including security architecture, cyber strategy business function, governance, risk and compliance, global security operations center. Program management. Entity level Business Information Security Officers (BISOs). Infrastructure & Cloud operations, engineering and architectures teams. Internal risk and audit functions. Architecture and corporate approval forums. External collaborators partners/vendors and industry schemes.

Responsibilities

Contribute to domain strategies and architectures, leads on the engineering and the associated artefacts within the domain area.

Be responsible for the controls related to the domain area and ensure they remain effective.

Ensure vital business as usual tasks are undertaken and detailed as standard operating procedures. Process and procedures are reviewed at a regular cadence.

Lead and deliver smaller scale projects or discrete workstreams for larger projects as part of the cyber program and other initiatives.

Lead and deliver changes to controls as vital which are not part of project activity.

Develop key indicators, analysis and artefacts to continually evidence and report control efficiency and risk for the group.

Critical issue support for any operational incident from operations or global security operations center for related domain technologies.

Accountable for ongoing activities and objectives for the domain area.

Solve sophisticated problems related to the domain area.

Remain current with principles, concepts and new technologies related to the role.

Influence vendor roadmaps and functionality in support of LSEG objectives.

Leadership responsibilities

This role is an individual contributor and leads no FTE headcount.

Critical work

Delivery of activities against of agreed cyber security strategies. Shapes project delivery with the project management team and the senior manager of the domain area.

Delivery of key artefacts associated with the role, artefacts support evidencing and assurance activities.

Ongoing control operation and efficiency and evidencing of such.

Reporting, development and management of agreed measures, key performance indicators and key risk indicators.

Impact

As a group level function the role has impact across all parts of the business as it has responsibility for the relevant group security controls which seek to mitigate the risk and impact to the group from cyber-attacks. Impacts include financial, economic, regulatory, customer and brand.

The role is key to addressing regulatory concerns for all of our regulated entities related to cyber security and cyber resilience.

Key critical metrics

Delivery of projects and BAU activities within agreed timescales to the required standard.

Issues that are identified are fixed and remain fixed and are not recurring.

Key artefacts for the activities performed by the role exist, are accurate and of required standard.

Agreed measures related to controls owned by the role, for example Key Risk Indicators, are delivered and managed.

Technical / job functional knowledge

Knowledge and experience of enterprise and service provider network engineering and operations.

Knowledge and experience of network security engineering and operations. Level of knowledge in the domain technology area would be considered in-depth.

Knowledge and experience of modern and emerging network security control capabilities and technologies. Network security monitoring platforms, IDS, IPS, NDR.

Engineering of layered control capabilities.

An understanding of information security principles and standard methodologies.

Adversary Tools, Techniques and Procedures. A good understanding of TTP s is required.

In-depth knowledge in domain area and basic knowledge across non-core domain areas.

Modern engineering practices, automation to drive efficiencies. Infrastructure as Code attitude. Code / scripting for practical tasks and tool integrations.

Structured and methodical solve practices for resolving complex problems.

Policies, standards and security frameworks, NIST, CIS. Solid skills to author formal documentation.

Understanding of security metrics to measure control operation and risk.

The role holder works independently with minimal guidance. The role holder is expected to solve problems with sound judgement and in a way that is aligned to good practice and in the long-term interests of the organisation.

The role holder is likely to hold one or more of the following security or engineering/architecture specific certifications, CISSP, SSCP, OSCP, TOGAF, GIAC, CCNP, JNCIP or those relevant to the role/domain area.

Business and sector expertise

Experience and knowledge of technology in financial services and/or regulated environments and industry compliance schemes (for example SWIFT) preferred.

Must have experience of working in security focused roles. Likely will have greater than 4 years full time in security roles as part of an overall career in technology of around 8 years focused predominantly in the domain area for the role. Expected to have direct hands-on experience in some of the domain area technologies

Leadership and management experience

Experience in advocating for and influencing change in order to reach the best outcome based on the needs of the organisation, collaborators and from monitoring industry trends.

Personal skills and capabilities

Collaborating across the group to deliver successful sustainable outcomes for the group and its collaborators.

Takes ownership and commits to delivering sustainable outcomes and resolving problems.

Demonstrates a bias for action.

Strong track record of delivering results without compromising on quality.

Critical thinker, takes in broad perspectives to assess and make decisions.

Willingness and flexibility and to work across different technologies.

Capability to quickly assimilate new concepts and technologies.

Takes ownership of own career development and learning.

Supports colleagues with less experience to help in their professional growth.

Adapts messaging and presentation styles to the needs of a different audience.

Is measured and considered in challenging and high-pressure situations