Hinshaw & Culbertson LLP, a national law firm, currently has an excellent full-time employment opportunity for an Information Security Analyst. We offer competitive compensation and an excellent benefits package.
Location: Flexible and in any state where the firm has an office.
The Information Security Analyst is a crucial role that provides hands-on technical expertise to the firm’s Security Operations Center. This position is responsible for monitoring the IT security environment to immediately detect, verify and swiftly respond to cyber threats, e.g. vulnerability exploitation, malware, cyber-attacks, etc. This role enhances the incident response operations of the organization by working closely with IT and business stakeholders to execute in a non-disruptive manner across the firm. This position sits within the Information Security & Governance area of the IT Department and is instrumental in increasing the security posture of the firm. Working in conjunction with various IT Infrastructure & Operations personnel, this position will be a key contributor in executing the IT Security strategy and Security roadmap and in formulating the Security process relative to threat intelligence, security monitoring, security automation, security awareness as it pertains to security monitoring, intrusion detection/prevention, purple teaming, endpoint security, Third Party Security Assessment, SIEM and SOC.
Duties and Responsibilities:
- Implement, administer and support endpoint security software.
- Knowledge of a wide range of current security technologies such as vulnerability assessment tools, SIEM, firewalls, proxies, network and host-based intrusion prevention, DLP, etc.
- Conduct investigations of security events (e.g., unauthorized access, non-compliance with company policies, fraud, service exploitation, etc.) to determine malfunctions, breaches, and remediation steps
- Responds to daily service issues, problems, and critical situations to support resolution and minimize downtime
- Administration and daily operation of SIEM technologies, including rule creation, reporting, correlation and performance monitoring
- Execute automation playbooks for automated incident response investigations
- Leverage the firm’s threat intelligence sources & partners to maintain an understanding of emerging security threats and advanced threat actors’ capabilities
- Integrate threat intelligence feeds and sources with the firm’s security monitoring infrastructure
- Leverage the firm’s Continuous Testing framework to identify, design and deploy tests for the firm’s security monitoring controls
- Identify and implement tools to baseline activity and alert or limit suspicious activity and insider threat among networks, databases, data and users
- Assist in selecting, implementing and managing systems, tools, and processes that will keep the firm at the leading edge of security. This includes a continually evolving inventory of gaps to be mitigated and formulation of a proactive strategy to evaluate and implement mitigating technologies
- Continuously remain current on emerging security threats and technologies
- Assists in the development and implementation of security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)
- Enforces security policies and procedures by administering and monitoring security profiles; reviews security violation reports and investigates possible security exceptions; updates, maintains and documents security controls
- Prepares status reports on security matters to develop security risk analysis scenarios and response procedures
- Other duties as assigned
Qualifications and Prior Experience:
- Bachelor’s Degree in Cybersecurity or equivalent subject matter area.
- 1 to 3 years of experience working in a Security/Cybersecurity environment, and 3 to 5 years of solid IT experience in network or server administration.
- Thorough knowledge of software applications and design tools including knowledge of Microsoft Office Suite of application products and knowledge of relational databases, database administration and reporting tools.
- Thorough command of the industry language and the ability to effectively communicate technical information to a variety of technical and non-technical users.
- Strong analytical and problem solving skills, ability to organize and prioritize multiple assignments, use initiative and judgment to accomplish results, participate as a team leader or member of a team, work under pressure and complete job assignments in an accurate, timely and professional manner.
- Excellent presentation, communication, interpersonal and customer service skills required and ability to interact effectively and professionally with all learning styles, personality types and levels of management, staff and a variety of external entities including clients and prospective clients of the Firm.
- Passion for the role and for continuous learning.
As an EEO/AA employer, Hinshaw & Culbertson LLP will not discriminate in its employment practices due to an applicant’s age, race, color, religion, sex, sexual orientation, gender, gender identity, gender expression, national origin, protected veteran or disability status or any other factor prohibited by law.