Senior Penetration Tester

LSEG is seeking a Senior Penetration Tester to join our internal offensive security team. This role is hands-on and deeply technical, responsible for planning and driving penetration tests across a wide range of systems and applications. The successful candidate will be a skilled offensive security professional with a passion for uncovering vulnerabilities and improving security posture through thorough testing and teamwork.

Key Responsibilities

• Conduct in-depth penetration tests on applications, infrastructure, and cloud environments.
• Take full ownership of assigned penetration testing engagements end-to-end and deliver with limited oversight.
• Compile technical scoping documents, track and document assessment metadata, including:
  • Engagement details (who, what, when, where)
  • Testing team members and roles
  • Tools and methodologies used
  • Schedule and timelines
  • Target systems and environments
  • Constraints, exclusions, and limitations
  • Testing activities and event logs
• Document findings clearly and concisely, providing actionable remediation guidance.
• Collaborate with application teams to scope, perform, and report on security assessments.
• Contribute to team improvement efforts and ensure all initiatives and feedback are well documented for future references.
• Contribute to the continuous improvement of testing methodologies, tooling, automation.
• Stay ahead of emerging threats, vulnerabilities, and offensive security techniques.
• Participate in R&D initiatives as guided from leadership.
• Support educational sessions and mentoring within the team.
• Develop and maintain custom tools, scripts, and exploits to support testing activities.

Required Skills & Experience

• Proven hands-on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud-native based environments).
• Proficiency with tools such as Burp Suite, common command-line tools, and ability to write custom scripts when needed.
• Experience in automating pentesting tasks.
• Solid understanding of application security, network protocols, and operating systems.
• Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).
• Ability to write clear, technical reports and communicate findings to both technical and non-technical customers.
• Experience working in large, sophisticated enterprise environments.
• Proficient interpersonal skills in English, both written and verbal.
• Relevant certifications and engagement with the security community is a plus.
• Threat Modelling experience is a plus.
• Ability to identify, assess, and communicate technical and project risks to partners.
• Understanding project requirements and aligning results with agreed upon objectives and timelines.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone's race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.