Senior Security Engineer Fulltime Remote

As a Senior Security Engineer you will play a crucial role in developing and maintaining the firms cybersecurity infrastructure. This role includes hands on design and administration of the Microsoft 365 Security stack (Defender for Endpoint Identity Cloud Apps and O365 as well as Azure Entra ID Purview and much more. The Senior Security Engineer will be essential to our teams success as they contribute across our hybrid environment and lead assigned technical projects. This individual will analyze research and make recommendations on existing designs and strategies as well as the business practices that may bear security risk.

Responsibilities

Cloud Security:

• Design implement and maintain a secure and resilient cloud architecture encompassing Infrastructure as a Service (IaaS) Platform as a Service (PaaS) and Software as a Service (SaaS) solutions. This includes Azure AWS Office365 and all manner of SaaS applications.
• Design and build continuous audit and alerting capabilities in our cloud environments using native toolsets.

Identity and Access Management:

• Develop and implement robust identity and access management strategies for cloud environments ensuring proper authentication and authorization controls.
• Monitor and manage user access permissions following the principle of least privilege.

Data Protection:

• Use leading edge Microsoft 365 Security and Purview technologies to establish and enforce data protection policies to safeguard sensitive information.
• Monitor for data leakage to and from the cloud and on prem.

Incident Response:

• Lead incident response efforts for security incidents coordinating with internal and external stakeholders.
• Implement logging and monitoring solutions to detect and respond to security events in realtime.

Security Infrastructure Management:

• Design implement and manage security infrastructure to safeguard the firms networks systems and applications.
• Conduct regular security assessments and vulnerability scans to identify and address potential risks.
• Incident Response and Investigation.
• Lead incident response efforts and conduct thorough investigations in the event of security incidents or breaches.
• Collaborate with legal and IT teams to ensure proper documentation and reporting of security incidents.

Collaboration and Communication

• Work with key stakeholders and internal IT contacts to conduct risk assessments against new technologies being considered for use. Formally document these risk assessments such that they can be easily understood by stakeholders.
• Collaborate with IT legal and compliance teams to align security initiatives with overall business objectives.
• Communicate security risks and recommendations to both technical and nontechnical stakeholders.

Qualifications

• Bachelors degree in Information Systems Information Security Risk Management or a related field
• At least five years experience in Information Security or similar type role
• Law firm experience preferred
• Awareness of basic tenets of secure software development
• Solid understanding of networking concepts such as routing firewalls NAT translation proxies and other next gen SASE solutions.
• Familiarity with Data Loss concepts and strategies
• Deep level security information and event management (SIEM) log analysis
• Ability to fulfill responsibilities in a timely manner and with exactitude
• Extreme thoroughness and the ability to be directed on important initiatives but to work independently to ensure the optimal outcome reporting back to senior management on important milestones or issues that arise.
• Several Information Security certifications are considered a significant plus (Microsoft CISSP CISM Palo Alto Splunk Cisco are a few that would be considered standout achievements).

The estimated base salary for this position is $160000 to $190000 at the time of posting.