Skip to Main Content

Information Security Engineer

Simpson Thacher & Bartlett LLP New York, NY

  • Posted: June 15, 2021
  • Full-Time

Description/Job Summary The Information Security Engineer must understand that legacy, present-day systems and applications may have weaknesses that can be exploited by external threat actors and potentially lead to a breach. Given that vulnerability management and risk exposure extend across all technical systems Firm-wide, the Engineer will be responsible for reporting, remediation, identifying assets and vulnerabilities, and continuous assessment. In addition, the Engineer is responsible for monitoring the IT security infrastructure within the Firm's network and assist with implementation, maintenance and configuration of key firm security initiatives. Responsibilities/Duties Manage and lead the Firms vulnerability management program. Responsible for the Qualys Vulnerability Management environment and the supporting processes for the detection and assessment of identified vulnerabilities across applications, endpoints, databases and networking devices assets. Document, prioritize and formally report asset and vulnerability state, along with remediation recommendations and validation with the infrastructure teams. Risk rank vulnerabilities based on the threat level to the Firm. Understanding of SCCM with the ability to troubleshoot SCCM issue on workstations and servers. Contribute and participate with the deployed suite of security tools, including, but not limited to, SIEM, AV/EDR, IDR, Deception technology, IDS/IPS, Password Management, MultiFactor Authentication, Single Sign on, NAC, DNS security, DLP, etc. Analyze potential threats from a multitude of log sources and decide whether events are false positives or potential security threats. Continuously improve the Firms logging and alert systems, to reduce false positives and increase accuracy of alerts. Leverage the Firms SIEM to create dashboards and analytics based on multiple log sources and security alerts. Interface with the Firms 24/7 managed IDR/MSSP and respond to alerts triggered from the SIEM or MSSP. Respond to security incidents, and proactively consider how to prevent the same type of incidents from occurring again in the future. Respond to and assist in analysis of suspicious phishing emails. Show initiative to communicate with other IT team members on any security concerns and enhancements to help protect the Firm. Build and maintain relationships with other members of IT. Maintain a high level of rigor to stay up-to-date with advancements in technology, while also retaining knowledge of older systems and applications in use. Work with the IT Security Team to assist with annual penetration tests and remediation. Assist IT security colleagues on the deployment of security technologies. Stay up-to-date on information technology trends and security standards Required Skills Minimum 3-4 years of relevant experience Solid understanding of information security Must be able to work collaboratively in a team environment and independently Ability to handle sensitive and/or confidential material with discretion Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors Excellent written and verbal communication skills, ability to communicate clearly and concisely Strategic thinker with strong analytical and problem-solving skills Demonstrated project management skills, organizational and execution skills with strong attention to detail Ability to manage multiple concurrent objectives or activities, and effectively make judgments in prioritizing and time allocation Must be flexible in order to respond quickly and positively to shifting demands Strong understanding of threat detection or monitoring techniques. Strong understanding of vulnerability management. Understanding of Active Directory and TCP/IP protocols. Red, Blue, and/or Purple teaming experience. Understanding of the MITRE Attack Framework. Experience in computer scripting languages particularly PowerShell. Understanding of secure cloud environments. Required Education* * Bachelor's degree required, IT related discipline Preferred Education * Major in Computer Science, or related field

Simpson Thacher & Bartlett LLP


New York, NY
10261 USA



View all jobs at Simpson Thacher & Bartlett LLP

What email should the hiring manager reach you at?

By clicking the button above, I agree to the ZipRecruiter Terms of Use and acknowledge I have read the Privacy Policy, and agree to receive email job alerts.