F&R is looking for a few highly skilled cyber security specialists for Incident response.
The Information Security Risk Management (ISRM) group protects the information assets of Thomson Reuters through managing risk, deploying effective security risk framework and ensuring regulatory compliance. This role will sit within the Security Operations group which provides protects and defends the F&R enterprise. The Lead Cyber Security Analyst – CIRT Tier 3 will work in both a team environment and independently to analyze Information Security systems and threat intelligence to identify incidents and recommend mitigation strategies. This position will analyze information systems in order to detect and respond to potential threats in the environment. Additionally, they will act as the Lead Cyber Security Analyst in resolving security incidents.
- Serve as a focal technical lead on incident events and incidents
- Provide technical, hands-on incident investigation and support and serve as a primary point of contact with management
- Lead the investigative process for network intrusions and other cyber security incidents to determine the cause and extent of cyber attacks
- Summarize events and incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms
- Manage the chain of custody for all evidence collected during incidents, security, and forensic investigations
- Monitor for and investigate suspicious or malicious activity and alerts
- Ongoing review of SIEM dashboards, system, application logs, and custom monitoring tools
- Perform advanced malware and threat analysis
- Monitor and analyze SIEM, UBA, network traffic, Intrusion Detection Systems (IDS), security events and logs
- Prioritize and differentiate between potential incidents and false alarms.
- Lead and train Tier 1 and Tier 2 incident responders in the steps to take to investigate and resolve computer security incidents.
- Stay up to date with current vulnerabilities, attacks, and countermeasures.
Qualifications / Requirements:
- Bachelor’s degree in Computer Science/Information Security/similar major or commensurate related field experience
- Significant work experience in Information Technology
- Extensive experience in security incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.
- Experience mitigating and addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc.
- Experience with Information Security technologies such as but not limited to SIEM, IPS/IDS, Vulnerability Management Software, User Behavior Monitoring, Unstructured Data Monitoring tools or Internet Content Filters.
- Experience reading and understanding system data, including, but not limited to, security event logs, system logs, and firewall logs
- Intermediate understanding of network technologies such as TCP/IP, IDS/IPS, firewalls, LAN/WAN, routing and switching.
- Intermediate knowledge of the following platforms in an enterprise environment - Microsoft Windows, Solaris, Linux.
- This position requires strong analytical skills and attention to detail, which will allow advising on how best to respond to abnormal network/system behavior.
- Must possess excellent written and verbal communication skills
- Travel (including international) may be required up to 15%.
- Evening and weekend hours expected during incidents
- Any of the following professional certifications are a plus: CISSP – Certified Information Systems Security Professional. CEH – Certified Ethical Hacker, CompTIA Security +, SANS GIAC
- Microsoft, Linux, Networking or related certifications
- Knowledge of offensive security techniques
- Experience working in a global financial company
- Knowledge of common security assessment frameworks such as MITRE ATT&CK Matrix, NIST, HITRUST, COBIT, etc.
- Familiarity with scripting languages and data analysis tools
- Experience leading small teams
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.