Security Engineer

Steptoe LLP, a Washington, DC-based Am Law 100 law firm, is seeking a Security Engineer to manage the firm's security systems as well as collaborating in the design, implementation, and support of secure system architectures in a large ever-changing environment. Monitor, analyze, and optimize security alerts and events for all enterprise security infrastructure technologies. Act as a focal point of the firm's Computer Security Incident Response Team (CSIRT) process. Position is both technical and non-technical and requires working across multiple information security domains.

The position is both technical and non-technical and requires working across multiple information security domains.

Essential Functions

• Support CISO in response to security reviews and questionnaires from clients and third parties.
• Responsible for providing tier II and III support on security requests (e.g. privi-leged access, website reviews & approvals, etc.) and products including NG-SEIM, firewalls, VPNs, IDS/IPS, encryption, malware detection, anti-spam and anti-spyware security products.
• Perform analysis of events and drive problems to resolution with minimal su-pervision. Deploy host-based and network security equipment and software including, but not limited to, firewalls, intrusion detection systems, proxies, and MFA
• Participate in incident response and work with IT stakeholders to build defini-tions in response to new threats
• Act as a subject matter expert for projects by identifying risks and proposing secure solutions to ensure security & privacy by design are integrated.
• Review support tickets for trends or repetitive incidents and repair the root cause of the problem.
• Support investigation and resolution of security incidents.
• Provides security input into engineering, architectural, IT infrastructure, and application design reviews.
• Prepare and deliver reports, recommendations, and alternatives that address existing and potential trouble areas in the systems across the organization.
• Understanding of current Data Privacy (e.g., GDPR, CCPA) and regulations (i.e. HIPAA) and implementing processes and/or technology to ensure compliance and data protection against industry standards such as ISO 27001, NIST, etc.
• Support the firm's efforts in maintaining ISO 27001 and ISO 22301 certifica-tions by working with third party auditors, gathering and providing evidence, and working to address audit findings.
• Perform network vulnerability scan for internal and external network to proac-tively identify, evaluate, and report security weaknesses.
• Conduct and participate in annual Security Tabletop Exercise
• Support the firm's Security Awareness program.
• Participate and review bi-annual Penetration Testing.

  Non-Essential Functions

• Additional duties as required.

  Minimum Qualification

• Solid knowledge of Microsoft/Linux platforms.
• Bachelor's degree in computer science/MIS/IT or equivalent certification from an accredited technical training school or equivalent (4 years) experience in general MIS/computer support.
• CISSP preferred, other IT/security certifications (i.e. GSEC, CEH, CCNA) are a plus.
• 7+ years of experience with security systems and tools design and troubleshooting.
• 5-7 years of experience in security solutions using current monitoring technologies such as: CrowdStrike, Zscaler, Proofpoint, Aruba Central.
• Must be experienced with Microsoft Based Server and Desktop Networks, Office 365, Azure AD, Security, Firewalls, Network and host-based IDS/IPS, SSO, MFA (both RSA and Azure), Web Security, Network Traffic Analysis, BGP, DNS, 802.1x, DHCP, RADIUS, TACACS, VPNs.
• Strong documentation, analytical, and presentation skills required.

  Success Factors

• Attention to Detail: Avoid common and frequent mistakes; complete complex projects and tasks with minimal to no error.
• Innovative: Identify ways to create and design new solutions to help solve complex problems and drive innovation across the IT department on existing solutions.
• Initiative & Creativity: Identify areas for improvement within personal areas of responsibility, group, department and firm; develop unique and new approaches to address existing challenges and/or positively affect lawyer productivity, client service, and overall fiscal health of the firm
• Critical Thinking & Problem Solving: Recognize problems or situations that are new or without clear precedent; evaluate alternatives and find solutions using a systematic, multi-step approach; develop improvements and innovations to enhance performance.
• Communication: Convey goals and objectives clearly and in a compelling manner; listen effectively and clarify information as needed; ensure that project status, issues and successes are communicated to project team, stakeholders, sponsors, steering committee and all levels of management and documented appropriately; ensure open communications within project team.
• Responsibility & Accountability: Prioritize work; anticipate consequences of actions, potential problems, or opportunities for change; sets and meets realistic deadlines.
• Exceptional Interpersonal Skills: Interact professionally with partners and staff at all levels of the organization, clients, and other third parties.

  Work Environment

• Must be able to comply with all safety requirements in our workplace which may include provision of proof of full vaccination for COVID-19 and adherence to other safety.
• Non-Smoking Environment.
• Position may be hybrid or fully remote; required to be in primary office if/as needed.
• Available to work from 9:00 - 5:30pm Monday through Friday.
• Must be available to work extended hours and weekends as required.
• Must be able to work under tight deadlines and stressful situations
• Must be willing to travel as required.

The anticipated base salary range for this position is $120,000 - $130,000. The actual base salary offered will be dependent upon the applicant's experience and qualifications, as well as other job-related factors, including but not limited to, relevant skills, education, certifications or other professional licenses held, and if applicable, geographic location.

Steptoe offers a full range of benefits for you and your eligible dependents. Benefits currently include: medical, dental, vision, life, disability, dependent care, health care flexible spending accounts, 401K Plan, Profit-Sharing, Paid Time-Off and a robust Wellness Program.

Steptoe LLP is an equal opportunity employer EOE/Disability/Veteran. All qualified applicants will receive consideration without regard to race, color, religion, gender, national origin, sexual orientation, gender identity and expression, marital status, mental or physical disability, genetic information, or any basis proscribed by applicable statutes.