- Dechert LLP
- $60,980.00 -139,430.00/year*
1103 Market St
The Information Security Engineer is a member of the technology team that helps evaluate the Firm's technology and information systems and to develop security strategies and solutions to protect the Firm from internal and external threats.
This position supports the firm's overall information security program by evaluating, testing, documenting, and implementing products and solutions, continuous management and monitoring of software, analyzing and remediation of security incidents and alerts. The Information Security Engineer is accountable for assisting with the planning and execution of security projects to improve the Firm's overall security posture; for creating and maintaining of security-related documentation and for other various security-related tasks. Information Security Engineers are responsible for the protection of all Information Assets, including physical and digital data, technology infrastructure, cloud and on-premise applications, user endpoints, identities and other Technology Resources.
Information Security Engineers must continually adapt to understand and stay a step ahead of the latest cyber threats. The ideal candidate is passionate about security, is intellectually curious, and thrives on learning and teaching. The Dechert security team values and is committed to fostering a cooperative leadership and learning environment from every chair, regardless of title.
ESSENTIAL JOB FUNCTIONS:
* Support the planning and execution of Information Security projects. Represent the security team on projects owned by other IT teams.
* Perform security and privacy reviews of IT services and changes (e.g., new technologies being added to the environment or that are undergoing significant changes). Monitor change management database activity to stay abreast of developments in the IT environment.
* Based on the Firm's IT Risk Assessment, help plan for the lifecycle, implementation and integration of future security technologies with other security and non-security technologies. Recommend and drive technology and process improvements for Information Security Programs.
* Help define and document the Firm's Information Security Architecture and Roadmap
* Collaborate actively with other IT teams to design solutions that satisfy the priorities of each individual IT team involved, while also providing the best possible user experience and appropriate security assurance.
* Interface and cooperate with internal and external audit and exam teams as required.
* Establish architectures and baseline configurations for various security technologies, including: anti-malware, endpoint detection and response (EDR), security monitoring, systems security, network security, identity and access management, public-key infrastructure (PKI), deception technologies, DLP and web/e-mail content filtering.
* Design and maintain strategies for Information Security documentation, including runbooks, procedures, processes and hardware and software inventory detail
* Implement and operate technical security solutions across a wide range of technologies, and serve as a third-tier support resource and SME for these technologies as required.
* Participate in technical and non-technical projects requiring information security oversight to ensure policies, procedures and standards are met.
* Serve as a member of the Computer Security Incident Response Team (CSIRT), assisting with incident response (IR) with the IR and security operations center (SOC) efforts.
* Recommend new security solutions as well as effective improvements to existing security controls that do not negatively impact business innovation.
* Assist with threat and vulnerability management activities, including: triage of new vulnerabilities, root cause analysis, threat modeling and mitigation planning.
* Coordinate closely with Information Security Governance, Security Operations and various teams throughout the firm to align information protection strategies with technologies and functions throughout the firm.
* Publish, edit and maintain appropriate Information Security policies, documentation and standards to help guide selection and implementation of various technologies, throughout the IT organization.
* Assist with Information Security program management, including defining and documenting corporate security policies and procedures, security metrics, and coordinating the security awareness program.
* Help automate workflows for security processes and procedures. Identify and drive improvements to Information Security programs.
* Provide technical guidance, training and direction to less experienced staff. Take a proactive approach to mentoring other staff members.
* Participate in DR planning and testing activities.
* May require on-call as assigned.
* Other duties as assigned.
QUALIFICATIONS / KSAs:
* Bachelor's degree in Computer Science, Information Systems, Computer Engineering or related discipline, or equivalent experience.
* CISSP, GSEC, CISA, or similar certification desired.
* At least 4 years of relevant experience.
* Technical knowledge and understanding of security concepts, for example: network/perimeter security, security event monitoring, vulnerability assessment, intrusion detection and response, encryption technologies, enterprise authentication (e.g., SAML/SSO, Active Directory, etc.), EDR, PAM and content monitoring/filtering.
* Possess technical knowledge and understanding of key technology platforms including Microsoft Windows Server, Cisco IOS, UNIX, and Linux.
* Possess good working knowledge of network and security protocols including TCP/IP, SMTP, FTP, SSH, TLS, SSL, HTTP, IPSec and other VPN protocols.
* Strong written and verbal communications skills. Ability to speak and explain complex security issues to audiences without similar backgrounds.
* Ability to effectively communicate business risk as it relates to information security.
* Excellent time management and organizational skills to effectively meet multiple objectives.
* Results oriented, self-motivated and capable of performing several tasks simultaneously.
* Strong analytical, process and troubleshooting skills.
* The desire, commitment and ability to be a team player.
* Professional attitude and presentation.
Additional Job Description
PHYSICAL EFFORT / WORK CONDITIONS
* This position operates in a professional office environment which is generally free of hazards and exposure to adverse environmental conditions.
* This position requires regular attendance on-site at a Dechert location with some travel to different sites using various modes of private and commercial transportation. Incumbents may be required to work extended hours including evenings and weekends.
* This position routinely operates standard office equipment such as computers, phones, photocopy machines, fax machines and filing cabinets, and requires frequent communication with the firm's employees and partners as well as third parties.
* This position is mainly sedentary. Primary functions require sufficient physical ability and mobility to work in an office setting; to read, sit and type for sustained periods of time; to walk, stand, reach, and bend; to open and close filing cabinets and access and retrieve materials in file rooms; to lift, carry and move files or other items of light to moderate weight; to operate equipment requiring repetitive hand movement and fine coordination; and to verbally communicate to exchange information.
* This position requires a normal audio range, with or without correction. It also requires the normal visual range, with or without correction. Specific vision abilities required include close vision, distance vision, color vision, depth perception, and the ability to adjust focus.
Dechert LLP is committed to ensuring equal employment opportunity and non-discrimination. The Firm prohibits unlawful discrimination in any term or condition of employment against any employee or applicant for employment because of the individual's race, color, creed, religion, sex, age, marital status, national origin, ancestry, citizenship, sexual orientation, gender identity or expression, genetic information, disability, membership or service in the armed forces, or any other characteristic protected by law.
Associated topics: cybersecurity, identity, identity access management, information technology security, phish, protect, security, security analyst, security officer, vulnerability
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.
Loading some great jobs for you...