Senior Security Analyst

  • Full-time

Job Description

Crowell & Moring LLP is an international law firm with offices in the United States, Europe, MENA, and Asia that represents clients in litigation and arbitration, regulatory and policy, and transactional and corporate matters. The firm is internationally recognized for its representation of Fortune 500 companies in high-stakes litigation and government-facing matters, as well as its ongoing commitment to pro bono service and diversity, equity, and inclusion.

Job Summary
The Senior Security Analyst works under the general guidance of the Manager, Information Security, to support the firm’s internal information security program. The analyst configures and maintains the network security infrastructure including, endpoint detection and response (EDR), Data Loss Prevention (DLP), email security, firewall infrastructure, vulnerability detection and remediation, monitoring, log collection/correlation, and intrusion detection/prevention. 
As part of a cross-functional IT Security team, the Senior Analyst will work on multiple daily tasks as well as long-term projects and prioritize according to management direction. The Senior Analyst will work both independently and as part of a team and interface with internal and external stakeholders.

Our Firm is committed to fair and equitable compensation practice in accordance with applicable laws. The salary range for this position is $120,600-$166,500. Additional compensation may include a discretionary bonus. Other benefits include healthcare, vision, dental, retirement, and all-purpose leave. The salary for this position may vary based on location, market data, an applicant’s skills and prior experience, certain degrees and certifications, and other factors.

Job Responsibilities
•    Reviews and responds to anomalies that may indicate security issues or insider threats.
•    Triages, validates, tracks, and investigates security alerts and declares incidents utilizing in-house and custom tools.
•    Tracks vulnerability lifecycle including initial assessment, remediation recommendations, assistance with change control and follow-up to verify mitigation.
•    Enables an innovative approach to system architecture standards which greatly increase the flexibility, scalability, and reliability of IT services.
•    Plans and executes the installation, configuration, monitoring and administration of security technologies including Intrusion Detection/Prevention Systems, VPN, endpoint protection, and others.
•    Performs daily reviews on all security appliances to ensure optimal security.
•    Oversees VPN configuration, technical risk assessment, multi-factor authentication, identity management, and general security consulting for enterprise projects.
•    Supports and communicates security system engineering policies, standards, guidelines and procedures and technical documentations.
•    Produces written reports including metrics of findings, risk, and recommendations, and assists with further development of information security policies, standards and procedures.
•    Works with other IT staff to improve the security of the environment through configuration change recommendations.
•    Implements and maintains Data Loss Prevention (DLP) configuration and agents. Tunes and troubleshoots DLP configuration and alerts as needed.
•    Documents policies and procedures to support certification activities.

Qualifications

Requirements:

Education
The position requires a Bachelor's Degree in an IT related field.  Equivalent training and experience may substitute for education.  

Certifications
The Senior Analyst should have at least one of the following: Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), a SANS certification (GSEC, GCIH, GCWN, etc.), a Cloud Security Alliance certification (CCSK, CCSP), or other similar certification
Other technical certifications are a plus.

Experience
The position requires a minimum of seven (7) years of increasingly responsible, directly related experience during which knowledge, skills and abilities applicable to the position were demonstrated.  

The position requires a minimum of four (4) years of strong direct experience in the Information Security field.

Knowledge, Skills and Abilities 
•    Demonstrated experience with security risk assessment, risk management, compliance, and security policy formulation.
•    Demonstrated knowledge of incident handling, management and computer forensics methodologies.
•    Demonstrated advanced knowledge and working experience with proxy and web content security filtering technologies.
•    Demonstrated ability to communicate clearly and effectively, both orally and in writing with attorneys, staff, and vendors.
•    Demonstrated strong understanding of TCP, UDP, security protocols, IP protocols and packet analysis.
•    Ability to provide quality client service to both internal and external contacts, regarding non-legal matters of a routine nature.
•    Ability to adapt to changing priorities and maintain a productive and committed work effort, meeting deadlines and managing workload.
•    Ability to apply technical knowledge or guidance, analyze and interpret data from several sources, solve problems by applying precedent or extrapolating from previous experience.
•    Demonstrated knowledge of IPS/IDS, desktop/server vulnerability management, next-gen firewalls (Check Point, Cisco, etc.), VPN, public cloud, etc.
•    Demonstrated knowledge of standards, rules and regulations related to information security and data confidentiality (NIST, ISO 2700x, HIPAA, PCI).
•    Exhibits a deep understanding of general networking technologies. 
•    Ability to represent the firm with honesty, integrity, and professionalism, consistently acting in an ethical manner.
•    Ability to work overtime and on-call as needed.

Additional Information

Crowell & Moring LLP offers a competitive compensation and comprehensive benefits package which includes progressive options such as back up child care, wellness programs, cultural events and social activities. We take great pride in our positive, friendly culture that rewards hard work and success, at the same time recognizing the importance of family and community service.

EOE m/f/d/v
Crowell & Moring LLP participates in the E-Verify program.

Privacy Policy