Winston & Strawn
New York - Information Security Engineer
Winston & Strawn, New York, New York, us, 10261
ABOUT USFor professional staff, Winston & Strawn presents an exciting opportunity to be a part of a leading global law firm. With our commitment to excellence, diversity, a collaborative work environment, and an emphasis on professional growth, Winston offers a platform for individuals seeking to advance their careers in a dynamic and rewarding environment. Winston is known for its collaborative and collegial culture. We believe teamwork is an essential component in providing high-quality legal services and we value the talents and skills of our entire professional staff team.POSITION SUMMARY:The firm is looking for a highly motivated, driven, and collaborative professional to join Winston & Strawn's Information Risk and Security team. The Information Security Engineer will be responsible for building, implementing, and managing a variety of security technologies across the firm's security program. This role will require an individual to be capable of working with a high-level of autonomy, as well as collaborating with other teams, departments, and practice areas. The ideal candidate has diverse security background, is comfortable with change, and has a genuine passion to learn.DUTIES AND RESPONSIBILITIES:Supports and maintains a wide variety of security processes and technologies across several functional security domains, including identity solutions (IdP, PAM, MFA), network and software firewalls (NGFW), intrusions detection/prevention systems (IDS/IPS), web and DNS filtering (SWG, CASB), end-point security solutions (NGAV/EDR), security event monitoring (SIEM) platforms, vulnerability scanning, and data loss prevention (DLP) solutions.Supports operational security activities and existing processes to drive continuous improvement.Supports security monitoring, alerting and incident investigation activities. Assists with threat hunting and enhancing the firm's detection capabilities.Assists with the monitoring and handling of internal information security support tickets and escalations.Coordinates and drives remediation of identified risks and control deficiencies.Assists and supports threat and vulnerability management processes, including threat identification and patching procedures.Assists in developing and prototyping security automation integrations and runbooks.Provides information security guidance and risk management advisory on planned projects and changes.Assists in the development of security policies, procedures, and hardening guides / baseline security standards.BASIC QUALIFICATIONS:3 + years of years of hands-on experience in multiple domains of information security required.Minimum of one + years of scripting or programming language. Capable of working with various APIs in a security context required.This role is fully remote but must reside in a commutable distance to a local office required.ADDITIONAL QUALIFICATION:Bachelor's degree in information security, information technology, computer science, or related field preferred.COMPETENCIES:Solid understanding of fundamental information technology concepts (networking, system administration, endpoint management, identity, etc.).Strong understanding of security fundamentals and best practices.Knowledge and hands-on experience in at least two of the following areas:
Demonstrates knowledge and hands-on experience with various cloud provider platforms (e.g., Azure, AWS, GCP).Has practical experience working with endpoint security products (CrowdStrike, MS Defender, Sentinel One).Has practical experience working with leading identity and privileged management platforms (e.g., Okta, Entra, CyberArk, BeyondTrust).Experience building out use cases in leading security automation platforms (e.g., Tines, XSOAR, CS Fusion).Has practical experience working with leading log management and SIEM platforms (e.g., Splunk, CrowdStrike LogScale, Cribl).Has hands-on experience working with leading vulnerability scanners (Nessus, NeXpose, Qualys).
Strong problem-solving skills and the ability to resolve complex issues.Approaches unknowns and challenges with tenacity; ability to solve problems with creativity.Ability to work both independently and collaborate in cross-functional teams; communicates effectively.Excellent written and verbal communication skills. Ability to write with purpose, clarity, and accuracy.BENEFITSWinston offers comprehensive benefits that provide a full spectrum of coverage and support for our full-time employees and their families. Additional information about benefits and rewards can be found here.SALARYNew York based applicants only:
The target annual salary range for this role is currently $135,000- $152,000 based on a regular, full-time schedule. The amount of compensation offered will be determined by several factors, including but not limited to experience, qualifications ,market data and internal equity. Total compensation may include an annual discretionary merit bonus, yearly retirement plan contribution, and a comprehensive benefits package.L
os Angeles based applicants only:
The target annual salary range for this role is currently $125,000 - $141,000 based on a regular, full-time schedule. The amount of compensation offered will be determined by several factors, including but not limited to experience, qualifications, market data and internal equity. Total compensation includes a comprehensive healthcare benefits package, yearly retirement contribution, and may include an annual discretionary merit bonus.
We value diversity in the workplace. EOE/Minorities/Females/Vets/Disabled (EOE=Equal Opportunity
Employer)
#LI-DC2
Demonstrates knowledge and hands-on experience with various cloud provider platforms (e.g., Azure, AWS, GCP).Has practical experience working with endpoint security products (CrowdStrike, MS Defender, Sentinel One).Has practical experience working with leading identity and privileged management platforms (e.g., Okta, Entra, CyberArk, BeyondTrust).Experience building out use cases in leading security automation platforms (e.g., Tines, XSOAR, CS Fusion).Has practical experience working with leading log management and SIEM platforms (e.g., Splunk, CrowdStrike LogScale, Cribl).Has hands-on experience working with leading vulnerability scanners (Nessus, NeXpose, Qualys).
Strong problem-solving skills and the ability to resolve complex issues.Approaches unknowns and challenges with tenacity; ability to solve problems with creativity.Ability to work both independently and collaborate in cross-functional teams; communicates effectively.Excellent written and verbal communication skills. Ability to write with purpose, clarity, and accuracy.BENEFITSWinston offers comprehensive benefits that provide a full spectrum of coverage and support for our full-time employees and their families. Additional information about benefits and rewards can be found here.SALARYNew York based applicants only:
The target annual salary range for this role is currently $135,000- $152,000 based on a regular, full-time schedule. The amount of compensation offered will be determined by several factors, including but not limited to experience, qualifications ,market data and internal equity. Total compensation may include an annual discretionary merit bonus, yearly retirement plan contribution, and a comprehensive benefits package.L
os Angeles based applicants only:
The target annual salary range for this role is currently $125,000 - $141,000 based on a regular, full-time schedule. The amount of compensation offered will be determined by several factors, including but not limited to experience, qualifications, market data and internal equity. Total compensation includes a comprehensive healthcare benefits package, yearly retirement contribution, and may include an annual discretionary merit bonus.
We value diversity in the workplace. EOE/Minorities/Females/Vets/Disabled (EOE=Equal Opportunity
Employer)
#LI-DC2