A law firm is looking for a
Sr. Information Security Analyst to join their team in New York, NY.
Compensation: $150,000-170,000
Responsibilities include, but are not limited to:
- Analyze various security logs and related security events to determine risk and develop the necessary action plans.
- Provide vulnerability assessments and provide remediation plans.
- Ensure all Firm information security systems are configured and operating according to Firm policies and standards.
- Operate, configure, and fine tune the Security Information and Event Management (SIEM) system. Investigate and report all information regarding security breaches and other cyber security incidents.
- Develop automated adaptive responses and alerting of detected cybersecurity incidents.
- Assist in client security audits and questionnaire.
- Install and configure security measures and countermeasures to defend against cyber intrusions and attacks.
- Maintain and oversee various identity access management software.
- Monitor and ensure security control effectiveness (eg. system patching, firewall changes).
- Provide reports to management on key metrics pertaining to security-related issues.
- Investigate possible security breaches and vulnerabilities identified through audit reports and follow up accordingly with different departments.
- Assist with risk assessments to ensure data remains protected.
- Work with the business to optimize and automate security-based processes.
Qualifications:
- Bachelor's degree in Computer sciences or related field required.
- Security certification such as CISSP, CCNA Security or CISM preferred.
- 5+ years of IT based experience working in a security role, focusing on information security analysis.
- 5+ years of experience with technologies such as Vulnerability Management, , Identity Management, Data Protection, Security Information and Event Management (SIEM), Anti-Virus, Data Loss Prevention, Endpoint Detection and Response, and Privileged Access Management (i.e. Crowdstrike, LogRhythm, Cisco ASA, Palo Alto, Varonis).
- Experience with network management tools, Active Directory and Group Policy.
- Experience with ISO 27001 certification process or other compliance framework such as HIPAA, PCI, and SOX.
- Excellent written and verbal communication skills including ability to communicate security risks to non-technical people.
- Exceptional interpersonal skills including teamwork, facilitation and negotiation.
22-08480