Senior AI Red Team Analyst

Thomson Reuters is seeking a Senior AI Red Team Analyst who supports offensive security operations by simulating realistic adversary behavior in enterprise environments. The role focuses on hands‑on execution of red team activities and close collaboration with detection, response, and threat engineering teams to improve security visibility, detection coverage, and defensive outcomes.

• Execute scoped red team and adversary simulation activities.
• Perform offensive testing across endpoint and identity environments, Active Directory and authentication flows, and Cloud and SaaS platforms (AWS, Azure, GCP, etc.).
• Use real‑world attacker techniques to validate preventive and detective controls.
• Participate in purple team exercises with Detection Engineering and Blue Team partners.
• Document findings and support post‑engagement reporting.
• Contribute to attack playbooks and scenario development, tooling reuse, refinement, and documentation, and repeatable adversary behaviors aligned to MITRE ATT&CK.
• Stay current on emerging attacker techniques, tools, and tradecraft.

• 2+ years of experience in Red team/offensive security or penetration testing.
• Working knowledge of Windows systems, basic Active Directory concepts, and common attacker behaviors (credential access, lateral movement, persistence).
• Familiarity with MITRE ATT&CK and common red team or offensive security tooling.
• Basic scripting or automation skills (Python, Power Shell, or similar).
• Ability to collaborate with teammates and clearly communicate technical findings.
• Practical experience using AI tools (e.g., ChatGPT, Claude) for security‑related tasks, such as researching attacker techniques, assisting with payload generation, scripting, automation, or drafting or refining detection ideas, attack scenarios, or documentation.

• Public write‑ups, blog posts, conference talks, or other authored security content (research, walkthroughs, lessons learned, tooling notes, etc.).
• Experience with purple team exercises or detection validation.
• Exposure to cloud security or identity‑focused attacks or endpoint Detection & Response (EDR) platforms.
• Deeper experimentation with AI‑assisted workflows.

• Hybrid Work Model:
  Flexible hybrid working environment (2-3 days a week in the office depending on the role).
• Flexibility & Work‑Life Balance:
  Supportive workplace policies, including work from anywhere for up to 8 weeks per year.
• Career Development and Growth:
  Continuous learning and skill development programs.
• Industry Competitive Benefits:
  Flexible vacation, two company‑wide Mental Health Days off, Headspace app access, retirement savings, tuition reimbursement, and wellness resources.
• Culture:
  Inclusive, flexible, and balanced work environment.
• Social Impact:
  Two paid volunteer days off annually and opportunities to contribute to pro‑bono projects and ESG initiatives.
• Real‑World Impact:
  Contribute to justice, truth, and transparency through trusted information services.

Pay Range – United States: $94,900‑$176,300 USD. Ontario, Canada: $100,000‑$145,000 CAD. Base compensation is aligned with experience and internal equity considerations. The role may also be eligible for an annual bonus.

Thomson Reuters is an Equal Employment Opportunity Employer and provides a drug‑free workplace. We welcome applicants of all protected classifications. We make reasonable accommodations for applicants with disabilities and for sincerely held religious beliefs in accordance with applicable law. For more information about accommodations, please contact our Human Resources Department