IT Security Engineer

At Gunderson Dettmer, you’ll find people passionate about making an impact while working alongside pioneering founders and innovators.

In addition to offering competitive salaries, we also offer an excellent benefits package, which includes comprehensive medical, dental and vision coverage; 401(k) Profit Sharing Plan; Flexible Spending Account, Paid Time Off and fertility and family building support.

Gunderson Dettmer has an opening for a full-time IT Security Engineer. We leverage the latest security products and services and correlate multiple telemetry points to furnish a continuous picture of our security readiness. The person filling this role will understand and integrate layers of (sometimes overlapping) technology against the widest array of possible attack vectors while also supporting the Firm’s goals to achieve and maintain industry-recognized security certifications. We are looking for a person with utmost dedication to the discipline of information security and the ability to communicate thoughtfully and concisely across security compliance, risk management, and various technical security domains.

This position reports directly to the Director of Enterprise Infrastructure and will work in collaboration with the Office of General Counsel, and Information Governance team to identify the Firm’s ongoing security needs and drive necessary efforts for securing the Firm’s complex environment.

Job Responsibilities

• Plan, develop, implement and update the Firm’s information security strategy to include thorough documentation of the cybersecurity architecture.
• Design, develop, execute and track the performance of security measures (hardware, software, systems) to protect information and network infrastructure and computer systems.
• Identify, define and document system security weaknesses and threats and recommend solutions to management.
• Configure, troubleshoot and maintain security infrastructure software and hardware.
• Research, assess and recommend security products that monitor systems and networks for security breaches and intrusions.
• Monitor systems daily for security events and alerts through both organic and SIEM-generated log analysis and provide operational support to the greater information security team.
• Develop and implement alerting and detection strategies to identify unusual behaviors.
• Assist the Office of General Counsel in achieving compliance with and maintenance of industry standard security certifications, such as SOC 2 and ISO 27001.
• Lead efforts in preparation for third-party audits, including gathering evidence, maintaining compliance documentation, and working with auditors.
• Assist the Office of General Counsel to educate and train staff on information security best practices.
• Be responsible for evidence collection, documentation, communications, and reporting for all forensic activities including incident response and investigations.
• Stay updated on evolving security regulations, threats, and best practices to enhance security posture.
  
  

Required Knowledge, Experience, Skills, And Abilities

The candidate who will best fill this role will come to us having traversed any number of paths. We want the candidate to join us because they see an organization deeply committed to information security, both in terms of emphasis and resources. The successful candidate will impress us in many ways, including with:

• Proficiency in secure network architectures, encryption technologies and standards, web application security, cloud security, cybersecurity technologies and web-based protocols.
• Working knowledge in identity and access management principles, vulnerability management, social engineering, Advanced Persistent Threats (APTs) and cybersecurity countermeasures.
• Experience with conducting risk assessments and security audits and working with stakeholders to mitigate identified risks.
• Fundamental knowledge of all aspects of a professional service firm’s computing and communications systems with an eye for how they can be breached and ways we can protect them.
• Strong interpersonal skills that establish and sustain close working relationships with functional teams and subject matter experts as well as IT technical, development, and support personnel.
• Understanding and respect for confidentiality and privacy, with strong ethics and compliance aptitude.
• Exceptional oral and written communication skills and expertise with policy writing, crafting educational and impactful emails and other materials. Ability to translate complex technical jargon into understandable and actionable messages.
  
  

Minimum Qualifications

• Candidate must have a degree in Computer Science, Information Systems or related field or equivalent relevant experience.
• Familiarity with information security standards, including ISO 27001, 27002, CIS Benchmarks, NIST and others.
• Demonstrated ability to gain skills, knowledge and certifications as needed.
• Any of the following certifications are helpful in the role:
  
  

Certified Information Systems Security Professional (CISSP),

Certified Internal Systems Auditor (CISA), or

Certified Ethical Hacker (CEH).

Status

• Full Time, Exempt.
• Hybrid Schedule
  
  

The expected starting salary for this position is $140,000 - $175,000 annually, dependent upon qualifications, experience and location.

Gunderson Dettmer is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.