Location: London, England, United Kingdom
LSEG is seeking a Senior Penetration Tester to join our internal offensive security team. This role is hands‑on and deeply technical, responsible for planning and driving penetration tests across a wide range of systems and applications. The successful candidate will be a skilled offensive security professional with a passion for uncovering vulnerabilities and improving security posture through thorough testing and teamwork.
Key Responsibilities
* Conduct in-depth penetration tests on applications, infrastructure, and cloud environments.
* Take full ownership of assigned penetration testing engagements end‑to‑end and deliver with limited oversight.
* Compile technical scoping documents, track and document assessment metadata
o Engagement details (who, what, when, where)
o Testing team members and roles
o Tools and methodologies used
o Schedule and timelines
o Target systems and environments
o Constraints, exclusions, and limitations
o Testing activities and event logs
* Document findings clearly and concisely, providing actionable remediation guidance.
* Collaborate with application teams to scope, perform, and report on security assessments.
* Contribute to team improvement efforts and ensure all initiatives and feedback are well documented for future references.
* Contribute to the continuous improvement of testing methodologies, tooling, automation.
* Stay ahead of emerging threats, vulnerabilities, and offensive security techniques.
* Participate in R&D initiatives as guided from leadership.
* Support educational sessions and mentoring within the team.
* Develop and maintain custom tools, scripts, and exploits to support testing activities.
Required Skills & Experience
* Proven hands‑on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud‑native based environments).
* Proficiency with tools such as Burp Suite, common command‑line tools, and ability to write custom scripts when needed.
* Experience in automating pentesting tasks.
* Solid understanding of application security, network protocols, and operating systems.
* Experience with cloud platforms (AWS, Azure, GCP) and containerised environments (Docker, Kubernetes).
* Ability to write clear, technical reports and communicate findings to both technical and non‑technical customers.
* Proficient interpersonal skills in English, both written and verbal.
* Relevant certifications and engagement with the security community is a plus.
* Threat Modelling experience is a plus.
* Proven track record of successfully managing and driving security engagements for various organisations with differing operational and technical profiles.
* Ability to identify, assess, and communicate technical and project risks to partners.
* Understanding project requirements and aligning results with agreed‑upon objectives and timelines.
Career Stage
Senior Associate
We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants’ and employees’ religious practices and beliefs, as well as mental health or physical disability needs.
#J-18808-Ljbffr