Silver Search Inc
Lead Information Security Engineer New York, NY
Premier NYC legal organization has an immediate need for a Lead Information Security Engineer that will design, integrate, implement and monitor the firm’s information systems and security infrastructure. This role is remote for now, and then onsite 2-3 days/week in the future.
- In conjunction with Information Technology Operations personnel, leads the design, implementation and support of security measures including but not limited to: Cloud Security, Vulnerability Management, Email Security, Endpoint Security, Document Management Systems, Privileged Account Management, Advanced Threat Defense, Data Loss Prevention, Incident Response.
- Leads the monitoring and investigation of security related activity identified in logs and alerts from those systems.
- Evaluates proposed IT projects and emerging technology while making security recommendations to ensure the risk is controlled at an acceptable level.
- Leads the analysis, resolution, and communication of cyber security problems and issues.
- Performs various assurance and auditing activities to ensure that the security controls are designed and implemented appropriately.
- Develops and maintains appropriate escalation procedures for the different types of alerts that the various monitored systems generate.
- Evaluates threat intelligence feeds, vulnerability reports, security exploit reports, and other information security notices as needed and makes recommendations to internal management and technical staff to take precautionary steps.
- Administers the reporting functions of security monitoring systems, assisting in the identification and creation of appropriate reports for delivery to management.
- Interprets information security policies, standards, and other requirements and assists with their implementation.
- Previous financial services, professional services or law firm experience desired.
- Must have at least one security certification (CISSP, CISM, SANS, etc.).
- Minimum 7 years of progressively advancing hands-on experience in Information Security field with track record of success.
- Knowledge of or experience with ISO 27001 framework is desired.
- Expert knowledge of information security methodology and tools such as access control, threat intelligence, zero-day threats, incident response and vulnerability management tools.
- Strong hands-on experience in Azure cloud security, network architecture and security assessment.
- Ability to work in a team environment, as well as independently.
- Strong analytical skills.
- Data privacy and other compliance experience are a big plus.