Cyber Threat Specialist (Penetration Tester) Shift Pattern: Standard 40 Hour Week (United Kingdom) Scheduled Weekly Hours: 40 Corporate Grade: E - Associate Reporting Line: (UK Division) Information Technology Location: UK-London Worker Type: Permanent Overall Purpose of Role: The Cyber Threat Specialist works within the Information Security team at the London Metal Exchange (LME). This role will be a member of the penetration testing team to conduct penetration testing of LME systems and applications. Penetration testing will include scoping, performing assessments, identifying vulnerabilities, documenting technical exploitation steps, and providing recommendations and remediation's. The successful candidate will work closely with IT Engineering, Security Operations, and Infrastructure teams to ensure that security controls are effectively implemented and maintained across LME’s platforms. Key Responsibilities: Penetration Testing & Security Assessments Participate in offensive assessments (red team, penetration testing, breach and attack simulation, bug bounty) and defensive security operations (threat hunting, incident handling, investigation and forensics, detection engineering) for LME systems and infrastructure; Participate in Red/Blue Team testing, identify gaps/weaknesses in monitoring capabilities and recommend/implement changes; Review intelligence feeds and generate advisories as needed. Stay up-to-date with current and emerging trends that represent a threat to LME; Participate in Purple Teaming, Adversary Simulation, and other offensive activities at a technical level. Qualifications / Skills Required: Desirable: A University degree or equivalent qualifications in a STEM subject such as Computer Science, or Engineering and/or Information Systems. Desirable: Entry-level certifications such as CompTIA Security, Microsoft SC-900, or AWS Cloud Practitioner. Activity on TryHackMe, HackTheBox, and OSCP-related / Red Team training (or some equivalent the named platforms). Demonstrable activity on Github showing code, tools development, and/or contributing to projects and repos in the offensive security space. Required Knowledge and Experience: Minimum of 2 years’ experience, actively working as a pentester with demonstrable ability to deliver pentests Firm understanding of: Hardening and configuration testing Ethnical Hacking & Penetration Testing Networking and security protocols (TCP/IP, HTTPS, DNS, Firewalls, Proxy). Operating systems (Windows, Linux/Unix, Kubernetes). Scripting or programming (Python, Bash, PowerShell). Security Tooling (e.g. EDR, SIEM, Antivirus) Personal Qualities: Curiosity about emerging threats and technologies Ability to assess and prioritize tasks/risks Attention to detail Enthusiastic about security engineering and automation. Strong analytical and problem-solving skills. Effective communicator with good documentation habits. Team-oriented, proactive, and adaptable in a fast-paced environment. Willingness to learn and grow within a critical infrastructure environment. Commitment to continuous learning The LME is committed to creating a diverse environment and is proud to be an equal opportunity employer. In recruiting for our teams, we welcome the unique contributions that you can bring in terms of education, ethnicity, race, sex, gender identity, expression and reassignment, nation of origin, age, languages spoken, colour, religion, disability, sexual orientation and beliefs. In doing so, we want every LME employee to feel our commitment to showing respect for all and encouraging open collaboration and communication.