Senior Security Engineer I

Are you interested in leading security engineering for an EU project? 

Do you have hands-on ISO-27001 and security tool experience?  

About the Business: 

LexisNexis Risk Solutions is the essential partner in the assessment of risk. Within our Insurance vertical, we provide customers with solutions and decision tools that combine public and industry specific content with advanced technology and analytics to assist them in evaluating and predicting risk and enhancing operational efficiency. Our insurance risk solutions help drive better data-driven decisions across the insurance policy lifecycle all while reducing risk. 

About our Team: 

We are expanding our Information Security team presence into the European Union. This is an opportunity to become a key member of our team, supporting our commercial business lines. With a large part of the Intellectual Property (IP) technology team residing in Farringdon, this will strengthen the collaboration between Information Security and Technology, especially as IP focuses on modernization of their AI products with new features and functions to enrich the users' experience.   

About the Role: 

The Senior Security Engineer will conduct research, design, and engineering tasks for a dedicated project in the European Union. This role requires the ability to identify, investigate, and resolve ISO-27001 security controls, along with hands-on expertise in Endpoint Detection & Response and Vulnerability and Compliance Management tools. 

Responsibilities: 

Monitor and Respond to Security Tools: 

• Review and analyse outputs from Qualys, or equivalent, vulnerability and compliance scans. 

• Actively monitor and respond to alerts from our SIEM (Security Information and Event Management) platform. 

• Monitor and react to activity from Antivirus and EDR (Endpoint Detection and Response) tools. 

Security Requirements & Support: 

• Define and document security requirements for new development efforts. 

• Provide support to Commercial team members to ensure security is considered in product planning and delivery. 

Change Validation: 

• Perform production security validation of infrastructure, application, and network changes to ensure they meet internal policies and standards. 

Compliance & Auditing: 

• Extract and compile audit evidence for internal Security Plans and support external ISO audits and certifications. 

Collaboration & Other Duties: 

• Work cross-functionally with IT, DevOps, and business teams to drive security improvements. 

• Perform other duties as required. 

Requirements: 

• Experience in information security or security operations, typically demonstrated over several years. 

• Practical experience with security tools, including Qualys, SIEM platforms (such as Splunk or Sentinel), and antivirus/endpoint detection and response (AV/EDR) solutions. 

• Solid understanding of network security, infrastructure hardening, and secure application development principles. 

• Familiarity with compliance frameworks, such as ISO 27001. 

• Ability to communicate security risks and recommendations clearly to both technical and non-technical audiences, in writing and verbally. 

• Strong analytical and problem-solving skills. 

Preferred Qualifications 

• Security certifications (e.g., Security+, CEH, GSEC, CISSP) or active pursuit of such credentials. 

• Experience supporting audits and preparing evidence for compliance and certification processes. 

• Experience collaborating with cross-functional development or product teams.