Sr Director, Secure Development Lifecycle

Posted 16 days ago by Thomson Reuters
Location Nottingham Salary Excellent
Posted 16 days ago Apply by Friday, 5 October 2018
Job Type Permanent Job Functions Cyber Security, Head of Cyber Security, Director of IT Security,
Job Reference 191533 Sector Advertising, Creative & Media , Business & Management Consultancy , Technology, ICT & Telecoms

Financial & Risk is looking for a few highly skilled cyber security specialists to help staff a new location in the central business district of downtown Nottingham, UK. This new facility will be home to a number of critical cyber security disciplines, designed to improve the overall security posture of F&R– including its assets, data and operations. Be part of an exciting, fast-paced environment that will help F&R strengthen its position.

F&R’s Information Security & Risk Management (ISRM) team is looking for a strategic, innovative change agent to drive security design principles and requirements into secure development. In this role, you will collaborate with technology peers and dedicated business unit software & product developers to implement security into disparate solutions. This role will be responsible for baking security policy, best practices and guidance across our software development processes.

The ideal candidate will possess the right demeanor, skillset and experience to understand and explain strategic security issues to audiences of mixed technical abilities. A passion and solid understanding of software development, cloud technologies, open-source, and developing the latest technologies in a dynamic agile environment. Able to deal with innovative ideas and solutions, while remaining grounded in solid security practices.

Essential Responsibilities:

  • Significant hands on software engineering experience
  • Successful track record of delivering quality results in complex cross-functional projects
  • Experience with large-scale distributed systems and client-server architectures
  • Experience leading a complex distributed systems project
  • Experience with automation, monitoring
  • Experience with Cloud Computing platforms (e.g. Amazon AWS, Microsoft Azure, OpenStack, Google Compute or App Engine, Hadoop, etc.)
  • Solid understanding of the Software as a Service (SaaS) model
  • Java and object oriented development experience
  • Python, Ruby or other scripting language experience


  • Bachelor's degree in an IT discipline
  • Extensive hands-on experience in software engineering
    • Fully competent in most of the programming languages, software engineering methodologies, and software development tools our team uses:
      • Java, Groovy, jUnit, Spock, SQL, Elasticsearch
      • Angular2, ngrx, HTML5, JSON
      • AWS, UNIX/Shell, Jenkins, Gradle
      • IntelliJ, GIT, TFS
      • Aspose, JxBrowser
  • Proven experience within banking or a significantly financially-regulated organisation
  • Extensive experience of application/product security experience in a large enterprise.
    • Demonstrated and hands-on experience in the following areas:
      • Source code auditing, penetration testing, product assessments, vulnerability research, and reverse engineering
  • Strong understanding of the software development lifecycle (SDLC).
  • Willing to travel internationally up to 20%.
  • Familiarity with common software flaws that lead to exploits, and experience with techniques for securing embedded systems (e.g. ASLR).
  • Strong experience in conducting static analysis (SAST), dynamic analysis (DAST), security technical implementation guide (STIG), and fuzz testing (FUZZY) and vulnerability scans
  • Experience with various security tools and products (Fortify, Burp Suite, HP Webinspect, Checkmarx, Nessus, IBM AppScan, etc.)
  • Experience with common security scoring systems – CVSS v3 and CWSS, and secure coding standards/best practices
  • Experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
  • Excellent verbal and written communication skills.
  • Successful candidate should be passionate about open source software and sharing information.  For example, this may include presenting at conferences or working collaboratively within Thomson Reuters.  
  • Industry-related certifications such as CISSP or Amazon Certified Solutions Architect
  • Must have unrestricted authorization to work in U.K.
  • Must submit to a background investigation, including verification of past employment, criminal history and educational background


Desired Characteristics:

  • Familiarity with security automation tools for cloud resources such as AWS, Azure, and Office365
  • Good business acumen with a successful track record in aligning to business drivers
  • Strong Report writing and document creation skills, including Microsoft PowerPoint
  • Critical thinking and analysis skills
  • Team player with ability to execute in a matrix structure, across time zone and national boundaries
  • Proven track record of problem solving and creative thinking
  • Exceptional communication skills
  • Contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications.


At Thomson Reuters, we believe what we do matters. We are passionate about our work, inspired by the impact it has on our business and our customers. As a team, we believe in winning as one - collaborating to reach shared goals, and developing through challenging and meaningful experiences. With more than 45,000 employees in more than 100 countries, we work flexibly across boundaries and realize innovations that help shape industries around the world. Making this happen is a dynamic, evolving process, and we count on each employee to be a catalyst in driving our performance - and their own.

As a global business, we rely on diversity of culture and thought to deliver on our goals. To ensure we can do that, we seek talented, qualified employees in all our operations around the world regardless of race, color, sex/gender, including pregnancy, gender identity and expression, national origin, religion, sexual orientation, disability, age, marital status, citizen status, veteran status, or any other protected classification under country or local law. Thomson Reuters is proud to be an Equal Employment Opportunity/Affirmative Action Employer providing a drug-free workplace.

Share this Job


Thomson Reuters provides professionals with the intelligence, technology and human expertise they need to find trusted answers. We enable professionals in the financial and risk, legal, tax and acc...

Live Jobs: 16 - View all Jobs