Information Security Engineer -- Audits

Position Summary:

The Information Security (InfoSec) Engineer will assist the firm by preparing for and responding to client security assessments and audits. They will also conduct on-site and on-line security assessments of our vendors and other third-parties to ensure these entities follow client security requirements and industry best-practices. The InfoSec Engineer will help to organize, oversee and coordinate other annual testing and assessment projects, including business continuity assessments and penetration testing. Candidates must have hands-on technical expertise with GRC tools, intrusion prevention and detection and direct experience with security audits.

Reports to:  

Information Security Manager
Key Responsibilities:

Respond to client security audits by assessing firm policy, technology and process to identify any gaps. Help develop plans to remediate and resolve gaps and match firm security systems to support our clients while maintaining the most efficient workflow possible for our letterhead attorneys. Provide backup coverage to other InfoSec staff, as necessary. Manage, tune and maintain log aggregation, vulnerability management, data loss prevention, privileged session management and threat intelligence alerting systems. Manage, tune and maintain web filtering, mobile device management and firewall systems. Develop and maintain concise documentation for all InfoSec staff. Respond to daily requests from attorneys, managers and other staff regarding security or related technology.

Candidate Qualifications:

Education and Professional Qualifications:

Candidates must have a bachelor’s degree in Information Assurance, Computer Science, Business, or Information Systems from an accredited institution. Certified Information Systems Security Professional (CISSP) and Certified Network Security Engineer (CNSE) - Palo Alto are both preferred certifications.

Knowledge, Skills and Experience:

Strong client-service orientation and focus with excellent written and verbal presentation skills. Five (5) years experience with relevant technologies and similar professional setting. Fundamental understanding of risk management, applicable legislative frameworks, policy requirements and risk/policy assessment. Understanding of different attack scenarios and methodologies, attacks targeting each OSI layer and countermeasures used to prevent those attacks. Basic understanding of cryptosystems, cryptography, hashing, digital signatures, and certificates. Experience managing web filtering and monitoring solutions. Prior relevant experience in a large law firm setting and an understanding of security and datacenter operations including servers, storage systems and backups; remote access/thin client environment; email and messaging systems; and database applications operations. Implement and maintain network and security infrastructure to insure high availability, system integrity, and client confidentiality.

Travel: Periods of heavy travel will be periodically required in order to conduct vendor assessments. At times, travel could be as much as 30-40%.

For consideration, please submit your resume, cover letter and salary requirement to Human Resources at; Munger, Tolles & Olson LLP, 355 S. Grand Ave., Los Angeles, CA 90071

Munger, Tolles & Olson LLP is an equal opportunity employer.