Security Engineer
Role details
Job location
Tech stack
Job description
-
Support CISO in response to security reviews and questionnaires from clients and third parties.
-
Responsible for providing tier II and III support on security requests (e.g. privi-leged access, website reviews & approvals, etc.) and products including NG-SEIM, firewalls, VPNs, IDS/IPS, encryption, malware detection, anti-spam and anti-spyware security products.
-
Perform analysis of events and drive problems to resolution with minimal su-pervision. Deploy host-based and network security equipment and software including, but not limited to, firewalls, intrusion detection systems, proxies, and MFA
-
Participate in incident response and work with IT stakeholders to build defini-tions in response to new threats
-
Act as a subject matter expert for projects by identifying risks and proposing secure solutions to ensure security & privacy by design are integrated.
-
Review support tickets for trends or repetitive incidents and repair the root cause of the problem.
-
Support investigation and resolution of security incidents.
-
Provides security input into engineering, architectural, IT infrastructure, and application design reviews.
-
Prepare and deliver reports, recommendations, and alternatives that address existing and potential trouble areas in the systems across the organization.
-
Understanding of current Data Privacy (e.g., GDPR, CCPA) and regulations (i.e. HIPAA) and implementing processes and/or technology to ensure compliance and data protection against industry standards such as ISO 27001, NIST, etc.
-
Support the firm's efforts in maintaining ISO 27001 and ISO 22301 certifica-tions by working with third party auditors, gathering and providing evidence, and working to address audit findings.
-
Perform network vulnerability scan for internal and external network to proac-tively identify, evaluate, and report security weaknesses.
-
Conduct and participate in annual Security Tabletop Exercise
-
Support the firm's Security Awareness program.
-
Participate and review bi-annual Penetration Testing. Non-Essential Functions
-
Additional duties as required., * Attention to Detail: Avoid common and frequent mistakes; complete complex projects and tasks with minimal to no error.
-
Innovative: Identify ways to create and design new solutions to help solve complex problems and drive innovation across the IT department on existing solutions.
-
Initiative & Creativity: Identify areas for improvement within personal areas of responsibility, group, department and firm; develop unique and new approaches to address existing challenges and/or positively affect lawyer productivity, client service, and overall fiscal health of the firm
-
Critical Thinking & Problem Solving: Recognize problems or situations that are new or without clear precedent; evaluate alternatives and find solutions using a systematic, multi-step approach; develop improvements and innovations to enhance performance.
-
Communication: Convey goals and objectives clearly and in a compelling manner; listen effectively and clarify information as needed; ensure that project status, issues and successes are communicated to project team, stakeholders, sponsors, steering committee and all levels of management and documented appropriately; ensure open communications within project team.
-
Responsibility & Accountability: Prioritize work; anticipate consequences of actions, potential problems, or opportunities for change; sets and meets realistic deadlines.
-
Exceptional Interpersonal Skills: Interact professionally with partners and staff at all levels of the organization, clients, and other third parties. Work Environment
-
Must be able to comply with all safety requirements in our workplace which may include provision of proof of full vaccination for COVID-19 and adherence to other safety.
-
Non-Smoking Environment.
-
Position may be hybrid or fully remote; required to be in primary office if/as needed.
-
Available to work from 9:00 - 5:30pm Monday through Friday.
-
Must be available to work extended hours and weekends as required.
-
Must be able to work under tight deadlines and stressful situations
-
Must be willing to travel as required.
Requirements
- Solid knowledge of Microsoft/Linux platforms.
- Bachelor's degree in computer science/MIS/IT or equivalent certification from an accredited technical training school or equivalent (4 years) experience in general MIS/computer support.
- CISSP preferred, other IT/security certifications (i.e. GSEC, CEH, CCNA) are a plus.
- 7+ years of experience with security systems and tools design and troubleshooting.
- 5-7 years of experience in security solutions using current monitoring technologies such as: CrowdStrike, Zscaler, Proofpoint, Aruba Central.
- Must be experienced with Microsoft Based Server and Desktop Networks, Office 365, Azure AD, Security, Firewalls, Network and host-based IDS/IPS, SSO, MFA (both RSA and Azure), Web Security, Network Traffic Analysis, BGP, DNS, 802.1x, DHCP, RADIUS, TACACS, VPNs.
- Strong documentation, analytical, and presentation skills required.
Benefits & conditions
The anticipated base salary range for this position is $120,000 - $130,000. The actual base salary offered will be dependent upon the applicant's experience and qualifications, as well as other job-related factors, including but not limited to, relevant skills, education, certifications or other professional licenses held, and if applicable, geographic location.
Steptoe offers a full range of benefits for you and your eligible dependents. Benefits currently include: medical, dental, vision, life, disability, dependent care, health care flexible spending accounts, 401K Plan, Profit-Sharing, Paid Time-Off and a robust Wellness Program.