F&R is looking for a few highly skilled cyber security specialists to join the a rapidly growing cyber security team in central Nottingham. The Cyber Security team will consist of a number of critical cyber security disciplines, designed to improve the overall security posture of F&R– including its assets, data and operations. Be part of an exciting, fast-paced environment that will help F&R strengthen its position.
Our Information Security & Risk Management (ISRM) team is looking for a Senior Cyber Security Analyst – Penetration Testing with a proven track record in conducting automated and manual infrastructure penetration tests against large enterprise systems.
- Define testing scope by collaborating with project stakeholders.
- Conduct automated and manual infrastructure penetration tests against servers, network devices, and databases.
- Document security findings identified during the assessments and report them in a timely manner.
- Present security findings to senior management and project stakeholders to provide guidance with remediation steps, standards, and best practices.
- Stay current with security trends, testing tools, exploit techniques, and relevant industry news.
- Collaborate globally and share knowledge with team members via formal and informal methods.
- Provide support and timely feedback to junior staff through mentoring.
- Lead initiatives to improve internal penetration testing practice with new ideas or processes.
- Follow company’s policies, goals, standards, and processes relating to security penetration testing.
- A Bachelor’s degree in Cybersecurity, Computer Science, Computer Engineering, Information Technology, or related field.
- Proven experience in the information security industry, particularly with vulnerability assessments and penetration testing using industry standards (e.g. OWASP, PTES, and others).
- Working experience with Windows and Linux operating systems.
- Familiar with various vulnerability scanning and exploitation tools (e.g. Kali, Nessus, nmap, Metasploit, Burp etc).
- Working knowledge of security principles, techniques and technologies.
- Excellent diagnostic and analytical skills.
- Excellent collaboration and communication skills (both written and verbal).
- Ability to work in a team environment with aggressive deadlines and multiple priorities.
- Professional Security Certification(s), such as Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), Penetration Tester (GPEN), or CompTIA Security+.
- Red Team experience is a plus.
- Familiar with key concepts of database management systems.
- Working experience with scripting languages, such as Python or PERL.
At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.
As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.