Lead Cyber Security Analyst CIRT – F&R, Thomson Reuters, Nottingham UK

  • Full Time
  • Location: Nottingham
  • Title: Lead Cyber Security analyst CIRT - F&R
  • Salary: Competitive

Website Thomson Reuters

Thomson Reuters provides professionals with the intelligence, technology and human expertise they need to find trusted answers. We enable professionals in the financial and risk, legal, tax and accounting, and media markets to make the decisions that matter most, all powered by the world's most trusted news organization.

This role sits within our Financial & Risk (“F&R”) business.  On January 30, 2018, Thomson Reuters announced that it signed a definitive agreement to enter into a strategic partnership with private equity funds managed by Blackstone related to the company’s F&R business. As part of the transaction, Thomson Reuters has agreed to sell a 55% majority stake in Financial & Risk and will retain a 45% interest in the business.  Thomson Reuters will maintain full ownership of its Legal, Tax & Accounting and the Reuters News businesses. The transaction is expected to close in the second half of the year and is subject to specified regulatory approvals and customary closing conditions. When the transaction closes, this role will be included in the new F&R entity.  Further information on this can be found at https://www.thomsonreuters.com/en/press-releases/2018/january/thomson-reuters-and-blackstone-announce-strategic-partnership-for-thomson-reuters-financial-and-risk-business.html

F&R is looking for a few highly skilled cyber security specialists for incident response.

The Information Security Risk Management (ISRM) group protects the information assets of Thomson Reuters by managing risk, deploying an effective security risk framework and ensuring regulatory compliance. This role will sit within the Security Operations group, which protects and defends the F&R enterprise. The Lead Cyber Security Analyst – CIRT Tier 3 will work both in a team environment and independently to analyze Information Security systems and threat intelligence to identify incidents and recommend mitigation strategies. This position will analyze information systems in order to detect and respond to potential threats in the environment. Additionally, they will act as the Lead Cyber Security Analyst in resolving security incidents.

Essential Responsibilities:

Serve as a focal technical lead on events and incidents
Provide technical, hands-on incident investigation and support and serve as a primary point of contact with management
Lead the investigative process for network intrusions and other cyber security incidents to determine the cause and extent of cyber attacks
Summarize events and incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms
Manage the chain of custody for all evidence collected during incidents, security, and forensic investigations
Monitor for and investigate suspicious or malicious activity and alerts
Ongoing review of SIEM dashboards, system, application logs, and custom monitoring tools
Perform advanced malware and threat analysis
Monitor and analyze SIEM, UBA, network traffic, Intrusion Detection Systems (IDS), security events and logs
Prioritize and differentiate between potential incidents and false alarms.
Lead and train Tier 1 and Tier 2 incident responders in the steps to take to investigate and resolve computer security incidents.
Stay up to date with current vulnerabilities, attacks, and countermeasures.

Qualifications / Requirements:

Bachelor’s degree in Computer Science/Information Security/similar major or commensurate related field experience
Significant work experience in Information Technology
Extensive experience in security incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.
Experience mitigating and addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc.
Experience with Information Security technologies such as but not limited to SIEM, IPS/IDS, Vulnerability Management Software, User Behavior Monitoring, Unstructured Data Monitoring tools or Internet Content Filters.
Experience reading and understanding system data, including, but not limited to, security event logs, system logs, and firewall logs
Intermediate understanding of network technologies such as TCP/IP, IDS/IPS, firewalls, LAN/WAN, routing and switching.
Intermediate knowledge of the following platforms in an enterprise environment – Microsoft Windows, Solaris, Linux.
This position requires strong analytical skills and attention to detail in order to advise on how best to respond to abnormal network/system behavior.
Must possess excellent written and verbal communication skills
Travel (including international) may be required up to 15%.
Evening and weekend hours expected during incidents

Desired Characteristics:

Any of the following professional certifications are a plus: CISSP – Certified Information Systems Security Professional, CEH – Certified Ethical Hacker, CompTIA Security+, SANS GIAC
Microsoft, Linux, Networking or related certifications
Knowledge of offensive security techniques
Experience working in a global financial company
Knowledge of common security assessment frameworks such as MITRE ATT&CK Matrix, NIST, HITRUST, COBIT, etc.
Familiarity with scripting languages and data analysis tools
Experience leading small teams

At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one – collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance – and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Intrigued by a challenge as large and fascinating as the world itself? Come join us.

To learn more about what we offer, please visit thomsonreuters.com/careers.

More information about Thomson Reuters can be found on thomsonreuters.com.
