Principal Security Engineer

Wilson Sonsini Goodrich & Rosati is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. The Principal Security Engineer is responsible for managing the Firm’s information security systems and processes, enforcing security policies, and responding to security events while providing expertise in security engineering and risk management.

Responsibilities:

• Provide subject matter expertise in information security as it relates to networks and systems
• Manage the Firm’s security technology including but not limited to: anti-virus, vulnerability scanning, intrusion detection, content filtering, and insider threat systems
• Review security events from all monitoring environments not integrated with the firm SIEM, and those events escalated by the SOC, on a daily basis, and follow defined incident response processes in their analysis and reporting
• Monitor appropriate venues for threats to the security of the Wilson Sonsini Goodrich & Rosati environment. Provide notification to all impacted parties related to the actions needed to mitigate threats and manage the threat lifecycle in totality
• Manage and lead evaluations of the firm’s environment by external 3rd parties. Produce recommendations that integrate any findings with the business needs of the firm
• Maintain knowledge of the information security needs of firm clients and implement measures to satisfy those requirements in the most efficient manner
• Keep abreast of emerging security technologies and discipline developments. Make appropriate recommendations that meet the firms needs
• Design and build operational environments that scale to meet the needs of our security products and assure appropriate reliability
• Support general troubleshooting related to information security tasks and provide support to end users as needed
• Provide other teams with security consulting services, including responding to requests for additional information and assisting with specific projects
• Perform related duties as assigned by supervisor
• Maintain compliance with all company policies and procedures

Requirements:

• Bachelor's degree required
• 5+ of experience in Information Security
• Focus on knowledge of direct support for Security Information and Event Management (SIEM) systems (e.g. configuration of feeds, developing alarm/report concepts), Red Teaming concepts and execution, and Linux skills including command line and operational/administrative usage
• Extensive knowledge of traditional security controls and technologies, such as Security Information and Event Management (SIEM) systems, intrusion detection/prevention systems (IDS/IPS), public key infrastructure (PKI), identity and access management (IDAM) systems, antivirus and firewalls, in addition to newer offerings such as endpoint detection and response (EDR), threat intelligence platforms, security automation and orchestration, deception technologies and application controls
• Experience with windows desktop, server, and database security
• Ability to identify security technology risks and perform incident response
• Extensive knowledge of TCP/IP networking including wireless, network monitoring/design and routing
• Extensive understanding of the cyber kill-chain
• Experience in cloud computing technologies, including software-, infrastructure and platform-as-a-service, as well as public, private, and hybrid environments
• Excellent verbal and written communication skills, including ability to effectively communicate with internal and external customers and communicate clearly and effectively with people from both technical and non-technical backgrounds
• One or more of the following certifications preferred: GIAC, CISSP, CISM, CEH, CIPP
• Experience working in a law firm or professional services firm environment desired