*** LARGEST LAW FIRM GLOBALLY BY HEADCOUNT + REVENUE ***
REMOTE ROLE but has to live in one of these states:
- New York
KEY JOB FUNCTIONS:
The Security Architect, Orchestration & Automation is responsible for integrating and connecting disparate security toolsets in an effort to achieve synergies that improve the overall effectiveness and efficiency of the Firm’s security operations.
The architect will apply SOAR principles to existing Firm systems and actively seek new opportunities for the implementation of these principles across technical teams and platforms. Direct technical support of key SOAR infrastructure, including development and maintenance of supporting tools, scripts, dashboards, and metrics is required.
The role exists to protect the confidentiality, integrity, availability, and recoverability of information, systems and facilities in compliance with organizational policies and standards.
Key responsibilities of this position include:
The individual will critically analyze proposed and existing solutions for adherence to the Firm’s design requirements, including requirements resulting from the ISMS Policy, client contracts, the regulatory environment, and professional obligations.
The individual will provide expert counsel to constituents regarding their information security obligations and facilitate an acceptable outcome based upon the tenets of the Firm’s Risk Management Framework. Frequent interfacing with technical, legal, and business operations personnel is expected.
Travels occasionally to provide information security services.
Additional responsibilities include:
- Architect, implement, and support event management and logging solutions identified as necessary for the protection of Firm assets.
- Integrate and connect disparate systems to achieve synergistic incident detection, reporting, and response outcomes.
- Seek new opportunities for the application of SOAR technologies, principles, and concepts across technical teams, processes, and systems.
- Develop, maintain, and support key SOAR infrastructure, including toolsets, scripts, dashboards, and metrics.
- Work closely with key constituents, such as SOC/IR, to deliver SOAR capabilities consistent with design requirements.
- Provide input, create documentation, and review information security policies and procedures.
- Utilize common security toolsets (SIEM, sniffer, IDS, etc) to identify issues and analyze compliance with existing policies and procedures.
- Provide high quality, business-level reports to management.
- Contribute to the Firm’s security-related information repositories (web, database, SharePoint)
- Monitor and report on compliance with the Firm’s information security policies and procedures.
- Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained.
- Stay abreast of the threat, capability, and technology landscape.
- Report compliance failures to appropriate management for immediate remediation.
- Participate in the definition of the organization’s IT disaster recovery and continuity plans for security event management systems.
- Serve as an internal information security consultant and mentor regarding security event logging to the Security Team and other constituents by monitoring information security technologies and trends, providing expert guidance, and assisting with knowledge development/mentoring activities.
- Serve as a 3rd-level support resource for the purposes of ticket resolution and change management activities.
- Analyze, recommend, and implement controls as determined necessary by management.
- Support Firm standard security applications, utilities, and processes. Utilize remote control and remote access software in the performance of duties.
- Utilize standard security tools such as a SIEM, IDS and other event logging systems.
- Expert understanding of security concepts, technologies, controls, and best practices.
- Working knowledge of information security frameworks such as ISO27001, NIST, and CIS.
- Ability to synthesize contract language and convert such language to controls.
- Authoritative understanding of security threats, qualitative and quantitative risk valuation models, and effective tools, tactics, and techniques for risk reduction.
- Expert understanding of SIEM/SOAR concepts and toolsets, including how to architect, automate, and integrate effectively with Incident Response.
- Masterful understanding of collecting and utilizing security event telemetry and threat intelligence sources to protect critical assets.
- Authoritative understanding of data communications and information systems hardware and software.
- Authoritative understanding of principles, theories, techniques, and methods of information system analysis and programming, particularly secure coding practices.
- Thorough knowledge of data processing and data communications concepts and services.
- Working knowledge of encryption technologies and standards, both at-rest and in-flight.
- Familiar with BCP/DR concepts and practices.
- Thorough knowledge of computer monitoring systems, endpoint security controls, vendor-supplied packaged programs, macros, utilities, and other highly technical programs.
- Expert analysis skills, including the gathering and analyzing of facts, formulating objective conclusions modified by subjective and experience-based qualifiers when appropriate, defining problems, and promoting solutions.
- Ability to adapt, integrate, and modify existing programs or vendor-supplied package programs for use with existing information systems.
- Proficient in the delivery of training and informational sessions to technical and non-technical constituencies.
- Proficient in oral and written English.
- Ability to be productive and maintain focus without direct supervision.