Legal Staff Information Technology in Salt Lake City, UT


Law Firm

Salt Lake City, UT


Legal Staff

Min 5 yrs required


Job Title: Senior Cybersecurity Analyst

Job Responsibilities:
The Senior Cybersecurity Analyst is tasked with maintaining the health, operational effectiveness, and efficiency of the security system's monitoring, detection, response, and incident response functions within the law firm's information security program. Key responsibilities include:

- Understanding the core business activities of the law firm and deploying information security solutions to protect these activities.
- Maintaining operational effectiveness of Information Security tools like Enterprise Syslog Servers, IDS/IPS, Microsoft Sentinel SIEM, CASB, and others, ensuring systems are updated and backed up.
- Implementing, maintaining, and monitoring the SIEM, IDS/IPS, CASB, XDR/EDR Agents, and Syslog Servers to ensure the completeness and effectiveness of security monitoring.
- Creating new SIEM detections aligned with the MITRE ATT&CK framework and recommending improvements to leadership.
- Leading the security team in maintaining and improving secure and resilient cloud and on-premises monitoring processes, including Incident Response Plan, playbooks, threat hunting, SOC metrics, KPIs, and service level objectives.
- Automating repetitive tasks within the SOAR environment using ML/AI to enhance efficiency.
- Refining and updating playbooks, policies, procedures, and Information Security Standards to align with industry best practices.
- Coordinating activities and escalations with managed security service providers (MSSP).
- Examining log source data across various platforms for expert analysis of logging, malware, or other malicious activity.
- Recommending adjustments to security tool configurations to minimize false positives and improving monitoring, logging, identity management, data protection, detection, and preventative controls.
- Collaborating with platform or business owners to identify security improvements and remediation efforts post-security assessments.
- Maintaining strong partnerships with security engineering, incident response, infrastructure, and IT teams to enhance monitoring and response capabilities.
- Serving as third-level triage support for cybersecurity, handling complex security alerts, events, and incidents, and mentoring junior Security Operations Center staff.
- Participating in a rotating on-call schedule for escalation of security issues.
- Assisting with security standards and configuration baseline updates for systems and business applications.
- Serving as a member of the information security change management team.
- Attending and participating in technical and non-technical project meetings, serving as a security consultant to guide secure application and infrastructure configurations.
- Assisting with compliance and risk assessments with internal and external auditors as needed.
- Reporting on the state of the SOC to the Information Security Director and stakeholders upon request.
- Performing other analyst duties as required.

Education and Experience Information:
- A High School diploma or equivalent with some post-secondary coursework and/or equivalent experience is required.
- At least 5 years of information security/SOC experience, or a combination of 3 to 5 years of IT system administration with security experience in a security operations center or incident response role.
- Ability to create detections aligning with the MITRE ATT&CK framework.
- Expertise in incident response, system monitoring, and analysis, with knowledge of SIEM, IDS/IPS, web proxies, EDR, XDR, CASB, DNS security, sandboxing, and firewalls.
- Proficiency in analyzing log files, network packets, and other security tool information outputs across multiple system types.
- Expertise in multiple computing platforms, including Windows, OSX, Linux, Unix, networks, and endpoints.
- Strong knowledge of Information Security, Incident Management, Security Monitoring, Threat Intelligence, Incident Response, and Risk Classification functions.
- Experience in analyzing email headers, links, and attachments for malicious content and executing appropriate remediation techniques.
- Strong interpersonal and collaborative communication skills, with the ability to articulate business needs versus security concerns to management.
- Demonstrated technical knowledge through experience or certifications.
- Ability to multi-task, prioritize, work under pressure and tight deadlines, maintain integrity, and adapt to changing environments.
- Excellent problem-solving abilities, analytical mindset, and attention to detail with a focus on staying current with the evolving threat landscape.
- Team-oriented and skilled in collaborative environments, with the ability to document and explain technical details clearly.

Required Technical Skills (minimum of six):
- Two years of Microsoft Sentinel (Azure) SIEM experience, or similar SIEM experience.
- Two years of Microsoft Defender for Endpoint administration experience, or a similar EDR.
- Two years of Microsoft Defender for Servers administration experience, or a similar EDR.
- Two years of Microsoft CASB administration experience, or a similar CASB.
- Two years of Identity and Access Management tool administration experience, including Microsoft Entra ID, Microsoft Active Directory, or similar.
- Advanced Windows and Linux operating system skills.
- Advanced HPE Intrusion Detection System administration skills, or similar SD-WAN IDS skills.
- Proficient in scripting languages such as PowerShell and Python, and skilled in using KQL.

Preferred:
- Bachelor’s degree.
- Experience with ISO 27001:2022 compliance requirements.
- SANS GSEC, GCIA, CISSP, or CCSP certifications are a plus.

Salary Information:
The pay range for this position in Minnesota and Colorado is an annual salary of $96,000 to $118,000. This range is a good faith estimate of likely compensation at the time of posting. Actual pay will depend on factors including the candidate’s experience, qualifications, skills, and location and may fall outside of the indicated range.

About the Law Firm:
The law firm is an international legal entity with more than 575 lawyers in 21 offices across the United States, Canada, Europe, and Asia. It serves as a premier legal counselor to companies worldwide in various industries, including banking, financial institutions, development, infrastructure, energy, natural resources, food, beverage, agribusiness, healthcare, life sciences, and technology. The law firm offers opportunities for advancement in a collaborative and dynamic environment, with competitive pay and excellent benefits. Benefits include comprehensive medical insurance, dental and vision insurance, 401(k) retirement savings plan with firm contribution, life insurance, disability coverage, paid time off, parental leave, adoption assistance, and more. The law firm values diversity and encourages individuals with diverse backgrounds and experiences to apply. It has received external recognition for its welcoming workplace and offers reasonable accommodations for disability, religious, pregnancy, or lactation-related needs. The law firm is committed to equality and participates in E-Verify.

Application Process:
The law firm accepts online applications through its website. Candidates are directed to complete the online application form available in the "Careers" section. The law firm does not accept application materials by mail or email and is not currently accepting search firm submissions for this role.

May 16, 2025