Information Technology Security Engineer
ARCHIVED
We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.
Hands-on Security Expertise: Strong real-world security experience, including policy creation for end users, vulnerability management with Arctic Wolf, and endpoint security using CrowdStrike. Must be hands-on with applications, systems, and penetration testing.Technical Environment & Infrastructure: Experience with Azure, Active Directory, Windows Server (2016/2019), Linux, O365, and Veeam. Ability to configure, reconfigure, and manage servers and security tools like Proofpoint, Tenable, and Nessus Cloud.Network & Firewall Security: Backup support for networking tasks, including managing Fortigate firewalls and ensuring security across the network infrastructure.A boutique law firm is seeking a highly skilled IT Security Engineer to strengthen its cybersecurity posture and safeguard sensitive data, including client information, legal documents, and firm communications. This role is ideal for a proactive professional who thrives in a Mac OS environment and is eager to take ownership of security initiatives. The IT Security Engineer will play a critical role in implementing, maintaining, and enhancing security measures, ensuring compliance with industry standards, and mitigating potential risks.Key ResponsibilitiesConduct security assessments, vulnerability scans, and risk analyses to identify and address potential threats.Serve as the primary contact for external security audits and certification processes (e.g., ISO Certification).Develop and maintain incident response plans, corporate security policies, and procedures. Lead security investigations and conduct regular response plan testing.Ensure compliance with legal and regulatory security requirements (e.g., CCPA, GDPR, HIPAA) by maintaining and enforcing firm-wide security policies.Collaborate with external security teams (SOC, EDR vendors) to continuously monitor network traffic, security logs, and alerts for potential risks. Provide regular security reports to senior leadership.Design and deliver security awareness training programs to educate staff on best practices and reduce risks related to human error.Manage and maintain endpoint security measures, ensuring the effectiveness of security applications and software.Review and complete security questionnaires from clients and evaluate outside counsel guidelines for compliance.Work closely with legal, IT, and external vendors to integrate security best practices into firm operations, projects, and technology initiatives.Oversee system and software security updates, ensuring regular patching to protect against vulnerabilities.Assist in the implementation and management of security solutions, including firewalls, IDS/IPS, antivirus software, encryption protocols, and secure access controls.Evaluate new and existing systems and software to ensure alignment with security requirements and conduct risk assessments.Manage the vendor security program, assessing and auditing third-party security practices.Perform additional security-related tasks as required.QualificationsBachelor’s degree in Computer Science, Information Security, or a related field (or equivalent experience).At least three years of cybersecurity experience, with a focus on security engineering. Experience in legal or financial industries is a plus.Industry certifications such as CISSP, CISM, or equivalent are preferred.Technical SkillsHands-on experience with firewalls, VPNs, SIEMs, IDS/IPS, and endpoint protection technologies.Strong understanding of encryption, secure coding practices, and network security protocols.Familiarity with security compliance standards, including CCPA, GDPR, HIPAA.Knowledge of ISO and SOC security certifications.Strong analytical and problem-solving skills with the ability to identify and mitigate risks effectively.Excellent communication skills, with the ability to explain complex security concepts to non-technical audiences.High attention to detail and ability to prioritize tasks in a fast-paced environment.Experience with cloud platforms such as Microsoft Azure, multi-factor authentication (MFA), and Identity components within Entra (Enterprise Applications/App Registrations, etc.).