What are the responsibilities and job description for the Consulting/Principal Security Engineer position at LexisNexis?
What You’ll Actually Be Doing
Setting Direction, Not Just Following It
- Provide strategic and tactical technical guidance that shapes how we approach security across the organization — with real input into leadership decisions
- Research emerging threats, new attack techniques, and novel mitigation approaches, then translate that research into actionable guidance before those threats hit our doorstep
- Own escalations that require deep expertise — you’re the person the team calls when things get interesting
- Design and evolve our secure software development lifecycle — threat modeling, security design reviews, developer enablement, and the toolchain that ties it all together
- Integrate modern security tooling (SAST, DAST, SCA, secrets detection) into CI/CD pipelines in ways engineers actually embrace rather than route around
- Build and run security champions programs that make developers your allies, not your adversaries
- Track what’s working with real metrics and communicate risk clearly to technical and non-technical audiences alike
- Lead security reviews and threat modeling for AI-powered features — LLMs, RAG pipelines, vector databases, agentic workflows, the works
- Get hands-on with OWASP and NIST guidance and the latest research on prompt injection, model supply chain risks, inference-based data leakage, and insecure tool use
- Evaluate AI tools and APIs being introduced into the SDLC — not just for security risk, but for how they change the attack surface entirely
- Define internal standards for building AI-integrated applications responsibly, so our teams can move fast without leaving the door wide open
- Use AI-powered security tooling yourself — we expect you to be fluent in the tools reshaping how AppSec work gets done, not skeptical of them
- Design innovative solutions that protect the confidentiality, integrity, and availability of our systems and data — efficiently, not bureaucratically
- Stay curious about new technologies: evaluate them, understand the security implications, and give leadership the insight they need to make smart bets
- Collaborate across engineering, GRC, legal, and privacy to ensure our controls hold up in a regulated environment (HIPAA, FedRAMP) without slowing everything to a crawl
- Shape multi-year technical strategy for the AppSec program and influence engineering organization-wide
- Serve as a go-to authority on AI/LLM security for senior engineering and product leadership
- Mentor the next generation of security engineers and raise the bar across the team
Must-Haves
- 7 years in application security, security-focused software engineering, or a closely related discipline
- Real experience with threat modeling (STRIDE, PASTA, or your preferred framework) applied to complex, distributed systems
- Strong command of web application and API security vulnerabilities and how to actually fix them — not just how to find them
- Hands-on experience embedding SAST, DAST, SCA, and secrets scanning into developer workflows
- Enough coding ability (Python, Java, Go, TypeScript, etc.) to meaningfully review code for security issues and build lightweight automation
- Experience working in or alongside a regulated industry with real compliance requirements
- The ability to write a clear, compelling security finding — and explain it to a VP without losing them
- Strong collaboration ethos. The security team is an enabler of the business, not a hindrance.
- Practical experience securing AI/ML systems or LLM-integrated applications — this is increasingly central to the role
- Familiarity with agentic AI security risks: tool misuse, prompt injection chains, privilege escalation via agents
- Experience building developer security education or security champions programs that actually stick
- Cloud security depth (AWS, Azure, or GCP) — IAM, workload security, IaC hardening
- Container and Kubernetes security experience
- Offensive security background that informs how you think defensively
- Relevant certifications: OSCP, CSSLP, GWEB, GPEN, cloud security specialty, or equivalent
- Prior experience in legal research or AI workflows
We know your well-being and happiness are key to a long and successful career. We are delighted to offer country-specific benefits.
Salary: $104,900 - $174,700