Senior Security Engineer - Excellent Salary Health benefits PTO

Our client, a leading law firm are currently looking to expand cyber security team by hiring a talented Security Engineer. This position will be will be focused on the operations, reporting and monitoring of security technologies in conjunction with the requirements of the Firm’s Information Security and Privacy Programs.

Duties And Responsibilities

• Provide subject matter expertise in information security applications and operations.
• Manage the Firm’s security solutions for vulnerability scanning, MFA, SSO/SAML, Risk based authentication and other security related technologies.
• Support IBM Qradar and CrowdStrike EDR as a backup to other security engineers.
• Develop end user awareness training and constantly reinforce those concepts through monthly phishing simulation.
• Review security events from all security monitoring environments on a rotational basis, follow defined incident response processes during analysis and reporting, and participate as needed in incident response.
• Exercises thought leadership in the creation and maintenance of vulnerability management capabilities, processes, procedures, technologies, metric reporting, and technical capability requirements.
• Creates and maintains a view of IT assets, related attack surfaces, and emerging vulnerabilities to illustrate the flow of data and associated security threats.
• Serves as a cybersecurity subject matter expert, assessing the business impact of cybersecurity risks to the enterprise and identifying options and recommendations for mitigating those risks. Applies root cause analysis to identify and assess issues and critical success drivers.
• Serves as a security subject matter expert in vulnerability management solutioning, including vulnerability identification, assessment, Azure cloud environments, and on-prem infrastructure.
• Coordinate with appropriate parties to prioritize the timely deployment of operating system and application security patches, deployment of security applications and currency of security application patch levels.
• Monitor threat vectors to the security of the Firm’s environment and assess evolving risk posture. Provide notification to all impacted parties related to the actions needed to mitigate threats and manage the threat lifecycle in totality.
• Develop and maintain Firm security policy and procedures and ensure compliance.
• Serves as a subject matter expert in multiple security best practice areas, such as platform, application, storage, network, virtualization, cloud, and mobile security.
• Design and build environments that scale to meet the needs of our security products and assure appropriate reliability.
• Create appropriate measures and metrics related to the security hygiene of the Firm’s environment.
• Support general troubleshooting related to information security technology and provide support to end users as needed.
• Provide other teams with security consulting services, including responding to requests for additional information and assisting with specific projects.

Required Education/Experience

• 3 years of combined hands-on cybersecurity and vulnerability management development and implementation work. Experience with broad exposure to cloud, infrastructure, network, and multi-platform environments.
• Must be able to communicate clearly and effectively with people from both technical and non-technical backgrounds.
• Knowledge and experience with varying information security processes and tools.
• Ability to understand and articulate the tie between vulnerability risk management and the strategy and goals of the greater organization.
• A strong, complete, and working understanding of Microsoft Azure cloud and foundational cloud concepts.
• Ability to visualize, plan and execute any areas of process improvement that increase the efficiency and delivery of our security capabilities.
• Proficient knowledge of IP networking and public cloud security principals.
• Expertise in malware detection technologies and remediation.
• Expertise in the following technologies providers (or comparable): CrowdStrike, Palo Alto, IBM QRadar, Tenable, Azure AD/MFA.
• Experience with wireless security, network monitoring, network design, windows desktop/server security, database security, routing protocols and incident management.
• Understanding of ISO27001/NIST ISMS principles.

Benefits

• Hybrid work schedules - Fully remote not available
• Generous Paid Time Off
• Paid Holidays, including a floating holiday
• WorkWell wellness program, including free use of the Calm App
• Gym Membership
• Caregiving assistance
• Insurance – Medical, Dental, Vision
• 401K Program
• Retirement Savings Program