Security Engineer

• Location: New york, New York
• Remote: Remote
• Type: Direct Placement
• Job #78297
• Salary: $165,000 Annually

Our client, a leading law firm is hiring a Security Engineer.

Work Location:

New York, NY (Remote Working Option Possible)

Summary:

The client seeks a Security Engineer. As a Security Engineer, you will play a crucial role in developing and maintaining the firm’s cybersecurity infrastructure. This role includes hands on design and administration of the Microsoft 365 Security stack (Defender for Endpoint, Identity, Cloud Apps, and O365) as well as Azure, Entra ID, Purview and much more. The security engineer will be essential to our team’s success as they contribute across our hybrid environment and lead assigned technical projects. This individual will analyze, research, and make recommendations on the client’s existing designs and strategies, as well as the business practices that may bear security risk.

The client is a preeminent law firm that prides itself on providing an extremely collaborative and collegial environment that is perfect for your career growth. We are leading the legal industry in the use of cloud and AI technologies and would love for you to join our team. We offer unmatched flexibility for hybrid work as well as providing a lovely office downtown to meet and work alongside your peers in Information Technology.

Responsibilities

Cloud Security:

• Design, implement, and maintain a secure and resilient cloud architecture, encompassing Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) solutions. This includes Azure, AWS, Office365, and all manner of SaaS applications.

• Design and build continuous audit and alerting capabilities in our cloud environments using native toolsets. 

Identity and Access Management:

• Develop and implement robust identity and access management strategies for cloud environments, ensuring proper authentication and authorization controls.

• Monitor and manage user access permissions, following the principle of least privilege. 

Data Protection:

• Use leading edge Microsoft 365 Security and Purview technologies to establish and enforce data protection policies to safeguard sensitive information.

• Monitor for data leakage to and from the cloud and on prem. 

Incident Response:

• Lead incident response efforts for security incidents, coordinating with internal and external stakeholders.

• Implement logging and monitoring solutions to detect and respond to security events in real-time. 

Security Infrastructure Management:

• Design, implement, and manage security infrastructure to safeguard the firm’s networks, systems, and applications.

• Conduct regular security assessments and vulnerability scans to identify and address potential risks.

• Incident Response and Investigation.

• Lead incident response efforts and conduct thorough investigations in the event of security incidents or breaches.

• Collaborate with legal and IT teams to ensure proper documentation and reporting of security incidents. 

Collaboration and Communication

• Work with key stakeholders and internal IT contacts to conduct risk assessments against new technologies being considered for use. Formally document these risk assessments such that they can be easily understood by stakeholders.

• Collaborate with IT, legal, and compliance teams to align security initiatives with overall business objectives.

• Communicate security risks and recommendations to both technical and non-technical stakeholders.

Required Qualifications:

• Bachelor’s degree in Information Systems, Information Security, Risk Management, or a related field

• At least three years experience in Information Security or similar type role

• Awareness of basic tenets of secure software development

• Solid understanding of networking concepts, such as routing, firewalls, NAT translation, proxies, and other next gen SASE solutions.

• Familiarity with Data Loss concepts and strategies

• Deep level security information and event management (SIEM) log analysis

• Ability to fulfill responsibilities in a timely manner and with exactitude

• Extreme thoroughness and the ability to be directed on important initiatives, but to work independently to ensure the optimal outcome, reporting back to senior management on important milestones or issues that arise.

• Several Information Security certifications are considered a significant plus (Microsoft, CISSP, CISM, Palo Alto, Splunk, Cisco are a few that would be considered standout achievements).

Pay Range:  $135,000 to $165,000