Senior Information Security Engineer

Gibson Dunn is a leading global law firm, advising clients on significant transactions and disputes. Our exceptional teams craft and deploy creative legal strategies that are meticulously tailored to every matter, however complex or high-stakes.

The firm’s work is distinguished by a unique combination of precision and vision.

Based in New York, Washington D.C. or Los Angeles, the Senior Information Security Engineer will be responsible for implementing, managing and maintaining the firm’s information security infrastructure and responding to and investigating information security incidents to closure or escalation.

The Senior Information Security Engineer advises the Information Security Team on emerging vulnerabilities and newly introduced risks to firm systems and takes a proactive approach in continually assessing the security of firm systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.

This role reports to the Manager, Information Security Operations.

Responsibilities include :

• Providing technical leadership for all information security platforms.
• Performing on-going threat analysis and research.
• Serving as the subject matter expert (SME) for information security platforms where assigned as the primary engineer.
• Playing a significant role in responding to and containing information security related incidents.
• Participating in the vulnerability management program, including pre-deployment risk and compliance assessments.
• Conducting regular technical risk assessments of systems and infrastructure.
• Overseeing and directly participating in the installation, configuration, and management of information security technologies.
• Managing information security projects as assigned.
• Playing a role in the selection and architecture of new information security technologies.
• Analyzing and interpreting network packet captures.
• Participating in the maintenance and development of the Information Security Management System
• Assisting in the development and knowledge transfer to all team members, as well as other IS or firm groups.

Qualifications

• Strong written and oral communication skills.
• Excellent customer service skills and sense of urgency when resolving issues.
• Strong knowledge of information security principles and practices.
• Understanding of advanced security concepts and their application.
• Experience with software and security architectures.
• Ability to relate to non-technical users in user-friendly language.
• Ability to understand the technical implications of security threats.
• Ability to effectively prioritize and action threat intelligence.
• Ability to work collaboratively across departments.
• Ability to motivate and lead a team of diverse technical professionals.
• Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation in a high-pressure environment.
• Ability to write clear and concise reports, including executive summaries.
• Must demonstrate the ability to maintain strict confidentiality of the firm’s internal and personnel affairs.

Experience

• University Degree in a technology related discipline or 3 years of relevant experience.
• 5 years of experience in dedicated information security roles.
• 3-5 years of experience in information technology in an area such as networking, desktop engineering, programming or systems administration.
• One or more of the following certifications : CISSP, SSCP, CISSP, CSXP, GSEC
• Strong working knowledge of IDS / IPS, firewalls, web application firewalls and other network security technologies.
• Strong working knowledge of host-based information security technologies
• Strong working knowledge of SIEM concepts is desired.
• Strong knowledge of Incident Analysis and Response.
• Strong knowledge of security implications involving a variety of technologies including but not limited to; Microsoft, Cisco, Unix / Linux and other market leaders in technology solutions, including mobile devices.
• Strong working knowledge of TCP / IP protocols.
• Ability to interpret network packet captures (PCAP).
14 days ago