Security Engineer

Shift Pattern:

Scheduled Weekly Hours:

Corporate Grade:

Reporting Line:

Location:

Worker Type:

About the London Metal Exchange and LME Clear:

The London Metal Exchange is the world centre for industrial metals trading. Most of the worlds global non-ferrous futures business is conducted on the LMEs three trading platforms totalling $18 trillion 178 million lots and 4 billion tonnes with a market open interest high of 1.8 million lots in 2024. All trades are cleared and settled by LME Clear.

Participants can transfer or take on price risk against aluminium copper nickel tin zinc lead molybdenum cobalt lithium steel scrap rebar and hot-rolled coil as well as alumina aluminium premiums and alloys.

The LME and LME Clear are HKEX Group companies.

Overall Purpose of Role

This role is an experienced-level position within the Information Security team at the London Metal Exchange (LME) responsible for leading the secure design delivery and operation of infrastructure applications and identity and access management (IAM) across LMEs platforms. The Senior Security Engineer serves as a subject matter expert resolving complex technical and operational challenges by interpreting and applying security policies guidelines and best practices.

The successful candidate will have ownership of one or more critical security processes platforms or products and will be contributing to shaping LMEs security posture. This includes driving automation secure configuration management and the integration and migration of security controls into cloud and on-prem environments. The role also involves representing the Information Security function in cross-functional projects contributing to workflow redesign and influencing strategic security initiatives.

Ideal candidates will bring 5 years of experience in security engineering or DevSecOps with a strong analytical mindset deep technical expertise and the capability to manage and drive multiple initiatives to completion ensuring secure scalable and resilient outcomes.

Key Responsibilities:

Security Engineering & Automation

• Lead the deployment configuration and lifecycle management of enterprise security platforms such as SIEM XDR DLP Email Security and Endpoint Protection.
• Design and implement automation frameworks for security tooling configuration and updates using Python PowerShell Bash or equivalent.
• Drive Infrastructure as Code (IaC) adoption using Terraform and Ansible ensuring secure scalable and repeatable deployments.
• Define and enforce secure configuration baselines across Windows Linux and Kubernetes environments aligning with regulatory and internal standards.

Identity & Access Security

• Engineer and manage identity and access solutions using SailPoint Keycloak Active Directory and CyberArk enforcing least privilege and RBAC across hybrid environments.
• Automate Identity Access Management workflows and integrate identity governance into CI/CD pipelines and cloud-native platforms.
• Own and continuously improve access review processes onboarding/offboarding workflows and privileged access controls.
• Ensure compliance with identity-related policies and contribute to the evolution of IAM strategy and tooling.

DevOps Integration

• Lead the integration of security controls into CI/CD pipelines including SAST/DAST API security Testing secrets management and policy enforcement.
• Collaborate with engineering and DevOps teams to embed security into build release and deployment processes.
• Design and implement secure resilient infrastructure solutions that align with business and operational requirements.

Operational Support

• Provide expert-level support for incident response threat detection and forensic analysis supporting tools such as SIEM XDR and XSOAR.
• Support Red/Blue team exercises and coordinate engineering involvement during penetration testing efforts understanding how to translate findings into actionable improvements of LMEs security controls stack.
• Maintain and evolve security documentation standards and operational procedures.
• Participate in on-call rotations and ensure continuity of security operations across critical infrastructure.

Qualifications Required:

• University degree in Computer Science Engineering Information Systems or a related STEM field.
• Preferred certifications: CISSP GIAC Microsoft SC-200 AWS/Azure Security Specialty CyberArk Defender SailPoint IdentityNow or equivalent.

Required Knowledge and Experience:

• 5 years of hands-on experience in security engineering DevSecOps or infrastructure security.
• Proven expertise in:
• IAM platforms and protocols (SailPoint CyberArk LDAP OAuth SAML).
• Security automation and scripting (Python PowerShell Bash).
• Cloud platforms and CI/CD tools (AWS Azure Bitbucket GitHub Actions).
• Security tooling (ArcSight SIEM XSOAR SonarQube HSMs EDR DLP).
• Operating systems and container orchestration (Windows Linux Kubernetes).
• Network and security protocols (zScaler Squid TCP/IP HTTPS DNS Firewalls VPNs).

Personal Qualities:

• Strong analytical and problem-solving skills with a proactive approach to complex challenges.
• Ability to lead and coordinate multiple concurrent security projects across teams.
• Effective communicator with excellent documentation and reporting habits.
• Detail-oriented adaptable and committed to continuous improvement in a regulated fast-paced environment.
• Passionate about security engineering automation and protecting critical infrastructure.

The LME is committed to creating a diverse environment and is proud to be an equal opportunity employer. In recruiting for our teams we welcome the unique contributions that you can bring in terms of education ethnicity race sex gender identity expression and reassignment nation of origin age languages spoken colour religion disability sexual orientation and doing so we want every LME employee to feel our commitment to showing respect for all and encouraging open collaboration and communication.