Cyber Security Engineer

Job Description
WilmerHale is a leading, full-service international law firm with 1,000 lawyers located throughout 12 offices in the United States, Europe and Asia. Our lawyers work at the intersection of government, technology and business, and we remain committed to our guiding principles of providing quality, excellent legal and client services; developing diversity among our lawyers and staff and cultivating an environment that promotes an ambitious spirit, collaboration and collegiality by drawing on the extraordinary talents and dynamic experience of our lawyers. Our goal is to reflect the diversity of our clients and the communities in which we practice.

Serves as the expert providing solutions and services to defense against malicious threats by delivering foundational security solutions and services. The role must identify evolving trends, weakness, and vulnerabilities and craft robust countermeasures to prevent malicious attacks. The role develops, implements, and supervises cybersecurity technology solutions and Tier I, II and III security operation center (SOC) contracted services to protect information resources, services, infrastructure, and endpoint solutions. The role must design and implement cybersecurity strategies and contribute to comprehensive cybersecurity architecture. The expert identifies, defines, and documents system security requirements and recommends solutions to senior management. Additionally, the role configures, troubleshoots, and maintains security infrastructure software and hardware in coordination with IT infrastructure, application, help desk and endpoint management functional groups.

The person leads in monitoring systems for irregular behavior and sets up preventive measures. In partnership with the Director of Information Security, the person plans, develops, implements, and updates the firm's information security strategy. The expert investigates and analyzes all response activities related to cybersecurity incidents within the IT enterprise and external party systems and services. The expert collects data/logs/events/alerts from a variety of IT systems and tools including intrusion detection/prevention, insider threat, data loss prevention, endpoint detection response, firewall, antivirus, email security gateway, infrastructure, and host systems to analyze events that occur across the information technology enterprise and Internet interface.

About This Role

• Detect, identify, report, respond, and recover from possible malicious attacks/intrusions, anomalous and misuse activities.
• Administer technologies that directly support cybersecurity and the protection of firm information technology systems, services, data resources, and firm/client data.
• Provides cybersecurity operational support for identity and access, access control, endpoint protection, firewalls, intrusion detection, network controls, software patch, endpoint, and vulnerability management
• Provides cybersecurity operational support to service tickets, reporting and dashboard reporting
• Regularly audits and reviews the technical configuration and operational policies of information security tools and work with governance, risk and compliance (GRC) personnel and auditors to ensure compliance across firm systems.
• Recommends and implements mitigation actions in response to sophisticated information security vulnerabilities and risk mitigation concepts based on the analysis and ISO 27001 and NIST guidance
• Performs scripting and information analysis in general support of firm technology infrastructure. Perform initial, forensically sound collection of log data and security events to support security event investigation and analysis.
• Provides options for persistent monitoring of all designated networks, enclaves, and systems.
• Coordinate and support information security remediation projects and plan-of-action activities to ensure they are efficiently implemented across Information Services departments and report on progress to management.
• Lead the analysis of alerts, notifications, events, and log entries from several sources including Security information and event management (SIEM), endpoint Detection and Response (EDR) tools and Manages Security Service providers (MSSP) and correlates incident data to identify specific vulnerabilities and appropriate remediations.
• Leads contractors to complete network, system, or application vulnerability assessments and penetration testing using reverse engineering techniques to analyze impacts to firm systems.
• Evaluate system security configurations and provide recommendations for the remediation of weaknesses though technical or non-technical changes that improve the security posture of the firm.
• Coordinate cyber defense and incident triage, to include ascertaining scope, vitality, and potential impact, identifying the specific vulnerability, and making recommendations that enable immediate and complete remediations and threat mitigation.

Required Skills
Your Qualifications/What You Will Bring

• Demonstrated problem solving abilities, analytical skills, and demonstrable ability to meet ambitious deadlines required.
• Makes logical conclusions, anticipates obstacles, and considers different approaches that are relevant to the decision-making process.
• Ability to lead as part of a cybersecurity threat response team, with coordination of efforts between internal IT groups and contractors.
• Experience with the use and development of a Splunk security incident and event management system (SIEM), DLP solutions, UEBA tools, and host/network forensic solutions.
• Authority in the fundamentals of quantitative and qualitative risk scoring, threat analysis, and threat modeling.
• Experience and work knowledge of MITRE ATT&CK/D3FEND, NIST and Center for Internet Security (CIS) standards and frameworks.
• Experience with MS Windows Active Directory (AD) and Azure AD security monitoring.
• Proven experience with custom scripting and Python for log analysis, data collection, and the production of security reports and dashboards.
• Effectively meets challenges, influences, and drives consensus within the team.
• Proven interpersonal and written communication skills.

Required Experience

Experience

• 6+ years or more work experience required supporting information security in a large and sophisticated environment or other equivalent combination of education and experience that provides the required knowledge and skills. Extensive experience in crafting cyber security solutions including cloud security configuration, computer network defense tools, incident response, threat assessment, and use of security event and information management technologies.
• 1+ years of AI experience in large, complex environments, including experience completing an AI implementation.

Education

• Bachelor's degree in computer science, information security, or related field; or equitable work experience.
• Security certification (e.g., CISSP, CEH, CompTIA Security+) preferred.

This job description is intended to describe the general nature and level of the work being performed by employees in the position. It is not intended to be a complete list of all responsibilities, duties, and skills for positions. The firm reserves the right at all times, in its sole discretion, to add or subtract duties and responsibilities, as it deems necessary.

Wilmer Cutler Pickering Hale and Dorr LLP (WilmerHale) is an equal opportunity employer and is committed to compliance with all applicable laws prohibiting employment discrimination. It is our policy to take all employment actions and make all employment decisions without regard to race, color, religion, creed, gender, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, ancestry, age, marital status, citizenship status, genetic predisposition or carrier status, disability, military status, status as a disabled or other protected veteran, or any other protected status under applicable law. WilmerHale will make reasonable accommodations for qualified individuals with disabilities and otherwise as required by applicable law.

For more information about Equal Employment Opportunity, please click here.