Skills

Communication Time Management Network Security Incident Response Risk Management Cloud Security Monitoring Strategic thinking Problem-solving Networking Research Training Architecture Linux Operating Systems Windows Oral and Written Communication Artificial Intelligence Active Directory TCP/IP Unix/Linux

Job Specifications

The Information Technology Department of Arnold & Porter has an opening for an Information Security Engineer in the Washington, DC office or may work 100% virtual/remote in a firm-approved U.S. state as part of the Gideon office. The Information Security Engineer is a technical security expert responsible for supporting security operations, engineering, and architecture functions and efforts for Arnold & Porter. Under the direction of the Manager of Information Security, the Information Security Engineer helps to ensure the overall security posture of the firm, and is expected to be involved in day-to-day security operations and contribute to ensuring the integrity and availability of the firm's IT and application infrastructure and the confidentiality, integrity, and availability of the firm's data in support of enterprise IT objectives and client service delivery needs.
Responsibilities include but are not limited to:
Security Operations

Performing security log and event analysis taking appropriate action as directed or required to address security risk issues or events/incidents using EDR, SIEM and log aggregation systems.
Monitoring and proactively executing the vulnerability management program to prevent or reduce IT hygiene risk issues from impacting production systems.
Maintaining and managing security toolsets as assigned, that help to mitigate or respond to security events and incidents including, but not limited to:

Application control systems
EDR/AV
Email Security platform
Attack simulation platform
Threat intelligence/hunting
Security related artificial intelligence tools
Supporting security incident response and investigation efforts as directed.
Helping validate and track IT operational activities to ensure compliance with policy, standards, and other applicable requirements, or as directed by organizational needs.
Researching and identifying security vulnerabilities and relevant industry/cybersecurity trends for follow-up and action.
Regularly reporting and tracking IT security events and metrics along with remediation activities.
Helping support third-party risk management efforts as assigned.
Helping support the firm security awareness training program as assigned.
Helping support the firm's IT Compliance efforts as assigned.
Participating in IT Security on-call rotation.
Security Engineering & Architecture

Advising and assisting with planning of security systems and standards by evaluating network and security technologies, developing security requirements for the enterprise infrastructure, and maintaining overall user access and data protection control in support of enterprise objectives and client service delivery.
Reviewing newly requested applications and SaaS and application changes for security impacts and possible remediation to address security risk.
Actively participating in the enterprise Change Advisory Board (CAB).
Conducting research and providing recommendations on methods, software, and technologies to mitigate risk exposures.
Helping to develop and contribute to security policies, standards and procedures to maintain an appropriate security posture and/or compliance with applicable requirements.
Qualifications:
Education/Experience

Four year college degree preferred; equivalent experience will be considered.
Minimum of three (3) years of experience in Information Security, or equivalent experience in IT-related fields with secondary security responsibilities.
Technical Skills

Experience and understanding of Windows, Unix/Linux, and Active Directory.
Solid understanding of core networking protocols, including TCP/IP, UDP, DNS, DHCP, HTTP/HTTPS, routing protocols.
Experience and technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, application security, and cloud security.
Proficient in Windows operating systems, Microsoft Office Suite, and related software.
Skilled in leveraging artificial intelligence tools for daily work.
Strong remote collaboration capabilities.
Communication & Writing

Communicate complex technical information clearly to non-technical audiences.
Excellent oral and written communication, including reports, business correspondence, and procedure manuals.
Effective presenter to diverse groups, including managers, clients, and the public.
Ability to identify and apply the appropriate method of communication.
Professionalism & Judgment

Strong personal initiative, judgment, and professionalism.
High level of confidentiality and discretion.
Exceptional client service for both internal and external stakeholders.
Problem-Solving & Strategic Focus

Strong problem-solving skills and strategic thinking.
Ability to define goals, prioritize tasks, and follow through to achieve results.
Detail-oriented with excellent organizational and time management skills.
Capable of handling multiple tasks in fast-paced environments.
Flexibility & Commit

About the Company

ARNOLD & PORTER FOUNDATION is an investment management company based out of 601 MASSACHUSETTS AVE NW, Washington, Washington DC, United States. Know more