Job Title: Senior Security Engineer
Job Responsibilities:
The Senior Security Engineer at the law firm is tasked with managing the firm’s information security systems and processes. Under the guidance of the Director of Security Engineering and Operations, the responsibilities include ensuring the enforcement of security policies, managing the information security threat lifecycle, and analyzing and responding to security events escalated by the Security Operations Center (SOC). The role requires coordination to limit risks identified through automated systems and providing expertise in security engineering, incident response, and risk management. Specific duties include:
- Providing subject matter expertise in information security related to networks and systems.
- Managing the firm’s security technology, including anti-virus, vulnerability scanning, intrusion detection, content filtering, and insider threat systems.
- Reviewing security events from monitoring environments not integrated with the firm’s Security Information and Event Management (SIEM) system and those escalated by the SOC, following defined incident response processes.
- Coordinating with relevant parties to ensure timely deployment of security patches, applications, and maintaining current security application patch levels.
- Monitoring threats to the firm’s environment and notifying impacted parties about actions needed to mitigate threats, managing the threat lifecycle.
- Leading evaluations of the firm’s environment by external third parties and producing recommendations that align with the firm’s business needs.
- Maintaining knowledge of information security needs of firm clients and implementing measures to meet those requirements efficiently.
- Keeping abreast of emerging security technologies and developments, making recommendations that align with the firm’s needs.
- Designing and building operational environments that scale to meet security product needs and ensure reliability.
- Supporting general troubleshooting related to information security and providing support to end users as needed.
- Providing security consulting services to other teams, responding to requests for additional information, and assisting with specific projects.
- Performing related duties as assigned by the supervisor and maintaining compliance with all company policies and procedures.
Education and Experience Information:
- A Bachelor’s degree is required for this position.
- The candidate should have over 5 years of experience in Information Security.
- One or more of the following certifications are required: GIAC, CISSP, CISM, CEH, CIPP.
- Extensive knowledge of traditional security controls and technologies, including SIEM systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus, and firewalls. Familiarity with newer technologies such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies, and application controls is also required.
- Experience with wireless security, network monitoring, network design, Windows desktop/server security, database security, routing protocols, and incident management.
- Knowledge and experience with varying information security processes and tools.
- Ability to identify security technology risks.
- Extensive knowledge of TCP/IP networking and understanding of the cyber kill-chain.
- Experience in cloud computing technologies, including software-, infrastructure-, and platform-as-a-service, as well as public, private, and hybrid environments.
- Experience working in a law firm or professional services firm environment is desired.
- Excellent verbal and written communication skills, including the ability to communicate effectively with internal and external customers, and with people from both technical and non-technical backgrounds.
- Proficiency in MS Office (Word, Excel, and Outlook).
- Ability to work under pressure, meet deadlines, maintain a positive attitude, and provide exemplary customer service.
- Ability to work independently and carry out assignments to completion within prescribed routines and standard accepted practices.
Salary Information:
The primary location for this job posting is in Washington, ., but other locations are available. The actual base pay will depend on various factors, including the selected candidate’s qualifications, years of relevant experience, level of education, professional certifications and licenses, and work location. The anticipated pay range for this position is:
- San Francisco and Silicon Valley: $131,750 - $178,250 per year
- Austin, Boston, Boulder, District of Columbia, Los Angeles, New York, San Diego, Seattle, and Wilmington: $119,000 - $161,000 per year
- Salt Lake City and all other locations: $105,400 - $142,600 per year
The compensation for this position may include a discretionary year-end merit bonus based on performance. The law firm offers a highly competitive salary and benefits package, and they are an Equal Opportunity Employer (EOE).
