Security Engineer

Security Engineer

Shift Pattern: Standard 40 Hour Week (United Kingdom)

Scheduled Weekly

Hours:

40

Corporate Grade: D - Assistant Vice President

Reporting Line: (UK Division) Information Technology

Location: UK-London

Worker Type: Permanent

The London Metal Exchange is the world centre for industrial metals trading. Most of the world's global non-ferrous futures business is conducted on the LME's three trading platforms totalling $18 trillion, 178 million lots and 4 billion tonnes with a market open interest high of 1.8 million lots in 2024. All trades are cleared and settled by LME Clear.

Participants can transfer or take on price risk against aluminium, copper, nickel, tin, zinc, lead, molybdenum, cobalt, lithium, steel scrap, rebar and hot‑rolled coil as well as alumina, aluminium premiums and alloys.

The LME and LME Clear are HKEX Group companies.

This role is an experienced‑level position within the Information Security team at the London Metal Exchange (LME), responsible for leading the secure design, delivery, and operation of infrastructure, applications, and identity and access management (IAM) across LME's platforms. The Senior Security Engineer serves as a subject matter expert, resolving complex technical and operational challenges by interpreting and applying security policies, guidelines, and best practices.

The successful candidate will have ownership of one or more critical security processes, platforms, or products, and will be contributing to shaping LME's security posture. This includes driving automation, secure configuration management, and the integration and migration of security controls into cloud and on‑prem environments. The role also involves representing the Information Security function in cross‑functional projects, contributing to workflow redesign, and influencing strategic security initiatives.

Ideal candidates will bring 5+ years of experience in security engineering or Dev Sec Ops , with a strong analytical mindset, deep technical expertise, and the capability to manage and drive multiple initiatives to completion, ensuring secure, scalable, and resilient outcomes.

• Lead the deployment, configuration, and lifecycle management of enterprise security platforms such as SIEM, XDR, DLP, Email Security, and Endpoint Protection.
• Design and implement automation frameworks for security tooling, configuration, and updates using Python, Power Shell, Bash, or equivalent.
• Drive Infrastructure as Code (IaC) adoption using Terraform and Ansible, ensuring secure, scalable, and repeatable deployments.
• Define and enforce secure configuration baselines across Windows, Linux, and Kubernetes environments, aligning with regulatory and internal standards.

• Engineer and manage identity and access solutions using SailPoint, Keycloak, Active Directory and Cyber Ark, enforcing least privilege and RBAC across hybrid environments.
• Automate Identity Access Management workflows and integrate identity governance into CI/CD pipelines and cloud‑native platforms.
• Own and continuously improve access review processes, onboarding/offboarding workflows, and privileged access controls.
• Ensure compliance with identity‑related policies and contribute to the evolution of IAM strategy and tooling.

• Lead the integration of security controls into CI/CD pipelines, including SAST/DAST, API security testing, secrets management, and policy enforcement.
• Collaborate with engineering and Dev Ops teams to embed security into build, release, and deployment processes.
• Design and implement secure, resilient infrastructure solutions that align with business and operational requirements.

• Provide expert‑level support for incident response, threat detection, and forensic analysis supporting tools such as SIEM, XDR and XSOAR.
• Support Red/Blue team exercises and coordinate engineering involvement during penetration testing efforts, understanding how to translate findings into actionable improvements of LME's security controls stack.
• Maintain and evolve security…