Senior Penetration Tester

LSEG is seeking a Senior Penetration Tester to join our internal offensive security team. This role is hands-on and deeply technical, responsible for planning and driving penetration tests across a wide range of systems and applications. The successful candidate will be a skilled offensive security professional with a passion for uncovering vulnerabilities and improving security posture through thorough testing and teamwork.

Key Responsibilities

• Conduct in-depth penetration tests on applications, infrastructure, and cloud environments.

• Take full ownership of assigned penetration testing engagements end-to-end and deliver with limited oversight.

• Compile technical scoping documents, track and document assessment metadata

  • Engagement details (who, what, when, where)

  • Testing team members and roles

  • Tools and methodologies used

  • Schedule and timelines

  • Target systems and environments

  • Constraints, exclusions, and limitations

  • Testing activities and event logs

• Document findings clearly and concisely, providing actionable remediation guidance.

• Collaborate with application teams to scope, perform, and report on security assessments.

• Contribute to team improvement efforts and ensure all initiatives and feedback are well documented for future references.

• Contribute to the continuous improvement of testing methodologies, tooling, automation.

• Stay ahead of emerging threats, vulnerabilities, and offensive security techniques.

• Participate in R&D initiatives as guided from leadership.

• Support educational sessions and mentoring within the team.

• Develop and maintain custom tools, scripts, and exploits to support testing activities.

Required Skills & Experience

• Proven hands-on experience in penetration testing of Web Applications, APIs, Thick Client and Common Infrastructures (Active Directory, Cloud and Cloud-native based environments).

• Proficiency with tools such as Burp Suite, common command-line tools, and ability to write custom scripts when needed.

• Experience in automating pentesting tasks.

• Solid understanding of application security, network protocols, and operating systems.

• Experience with cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes).

• Ability to write clear, technical reports and communicate findings to both technical and non-technical customers.

• Experience working in large, sophisticated enterprise environments.

• Proficient interpersonal skills in English, both written and verbal.

• Relevant certifications and engagement with the security community is a plus

• Threat Modelling experience is a plus.

• Experience working in large, sophisticated enterprise environments.

• Proven track record of successfully managing and driving security engagements for various organizations with differing operational and technical profiles.

• Ability to identify, assess, and communicate technical and project risks to partners.

• Understanding project requirements and aligning results with agreed upon objectives and timelines.