Friedman Williams
IT Security Engineer Washington DC
Job ID: 19864
Looking for an IT Security Engineer who is ready to hit the ground running, hungry for a challenge and wants to work in a predominantly Mac OS environment! We are seeking a highly skilled and detail-oriented Security Engineer to join our law firm’s IT department. The Security Engineer will be responsible for implementing and maintaining robust security measures to protect our firm’s sensitive data, including client and firm information, legal documents, and communications. The ideal candidate will have a deep understanding of cybersecurity principles, experience with security infrastructure, and the ability to anticipate and mitigate potential security threats. This role will also provide support to subsidiaries.
Key Responsibilities
• Conduct regular security assessments, vulnerability testing, and risk analysis to identify potential threats
to the firm’s IT systems. Recommend and implement appropriate risk mitigation strategies.
• Primary contact for third party audits of the Firm’s security practices in connection with potential
certifications (ISO Certification)
• Develop and maintain firm incident response plans and corporate security policies and procedures.
Lead investigations of security incidents and respond promptly to security incidents, minimizing the
impact on the firm’s operations. Conduct regular IRP testing.
• Ensure compliance with relevant legal and regulatory requirements (e.g., CCPA, GDPR, HIPAA). Develop,
update, and enforce security policies and procedures tailored to the law firm environment.
• Work with external teams (SOC, EDR vendors) to continuously monitor network traffic, security logs, and
alerts for suspicious activity. Generate and present regular reports on the security status to senior
management.
• Manage and deliver security awareness training for staff, promoting best practices and reducing the
risk of human error.
• Administer and maintain user end point security measures and provide expertise in all security related
applications and software.
• Review, complete and submit third party security questionnaires from clients and review outside
counsel guidelines
• Work closely with legal teams, IT staff, and external vendors to ensure that security measures are
integrated into all aspects of the firm’s operations, including new projects and technologies.
• Manage the regular updates and patching of security agents to systems and software to protect
against vulnerabilities.
• Assist in the design, implementation and management of the firm’s security solutions, including
firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, encryption protocols, and
secure access controls
• Collaborate with the IT team and other administrative personnel in review of new or existing systems
and software to ensure security requirements are satisfied, (including risk assessment).
• Manage the firm’s vendor management program including the evaluation and audit of security
practices of third-party vendors.
• Other duties may be assigned.
Qualifications
• Bachelor’s degree in computer science, Information Security, or a related field. Equivalent experience
may be considered.
• Minimum of 3+ years of similar level role in cybersecurity, with a focus on security engineering.
Experience in the legal or financial sector is a plus.
• Industry certifications such as CISSP, CISM, or equivalent are highly desirable.
Technical Skills
• Proficiency in security technologies, including firewalls, VPNs, SIEMs, IDS/IPS, and endpoint protection.
• Strong understanding of encryption technologies, secure coding practices, and network security
protocols.
• Familiarity with compliance requirements such as CCPA, GDPR, HIPAA, and other relevant regulations.
• Familiarity with security certifications (e.g, ISO, SOC)
• Strong problem-solving and analytical skills, with the ability to identify and mitigate risks effectively.
• Excellent written and verbal communication skills, with the ability to convey complex security concepts
to non-technical staff.
• High level of attention to detail and the ability to manage multiple tasks in a fast-paced environment.
• Experience with cloud platforms such as Microsoft Azure, MFA and Identity components within Entra
(Enterprise Applications/App Registrations, etc.).
If you are interested in this position, please email me your resume to tgrossman@friedmanwilliams.com