Information Security Engineer- New York, NY
· Provides technical assistance with the operation and maintenance of information security controls including but not limited to firewalls, vulnerability scanning systems, software patching systems, access control management system, security awareness training.
· Assists with developing, measuring and reporting of firm-wide information security training and awareness program.
· Acts as the primary technical support for workstation security controls, including but not limited to anti-virus, patching and forensics, etc.
· Prepares timely initial response to firm client's security questionnaires and requests; track the deadlines and produce necessary reports.
· Performs regular security review activities, including but not limited to user account recertification, vendor security recertification, etc.
· Assists in the development, implementation, and day-to-day maintenance of IT security & control infrastructures.
· Provides technical assistance with the set-up, operation and maintenance of systems that support information security including virus detection systems, firewalls, content filtering systems, email security systems, intrusion detection systems, intrusion prevention systems, and software patch management systems.
· Evaluates information system bug reports, security exploit reports, and other information security notices issued by information system vendors, government agencies, universities, professional associations, and other organizations.
· Performs periodic vulnerability identification scans and runs related tools to highlight errors in systems configuration, the need for the update of software with fixes and patches, and other security related issues.
· Interprets information security policies, standards, and other requirements and assists with the implementation of these policies, standards and requirements.
· Serves as an active member of the IT Security Team and participates in security incident response efforts.
· Attends conferences, professional association meetings, and technical symposia to remain aware of the latest information security technological developments.
· Researches new tools and methods for delivering security awareness training to Firm personnel and makes suggestions for use of these new tools and methods as appropriate.
· Assists with firm's ISO 27001 certification preparation, certification audit and surveillance audit.
· Assists infrastructure Operations engineers in the performance of their responsibilities to the best of their ability.
· Performs other job related duties as assigned.
· Bachelor's degree in Information Technology or related field and/or training; or equivalent combination of education and experience.
· Obtain or work progressively to obtain one information security certification (GSEC, CISSP, Security +, etc.), at minimum.
Experience and Skills Required:
· Previous law firm or professional services experience desired.
· 5 years of experience in systems, network and/or systems security administration with track record of success.
· Familiarity with information security tools such as access control systems, patching systems, antivirus systems, firewalls and vulnerability management tools.
· Working knowledge of information security concepts.
· Excellent communications skills (written and verbal) and collaboration skills
· Familiarity with digital media manipulation tools.