Friedman Williams
Senior IT Security Engineer Washington DC
Job ID: 16876
Summary: The Senior IT Security Engineer is part of a team of engineers who architect, design, build, maintain, and support the Firm’s portfolio of security technologies and solutions, inclusive of Perimeter Defense, Monitoring & Logging, and Identity, Access, and Authorization Management. This role leads the lifecycle management of the Identity, Access, and Authorization Management (IAM) portfolio, with focus on system access management across the Technology ecosystem throughout the employee / user lifecycle from onboard to offboard. The senior engineer manages the necessary balance of delivering solutions that provide an optimal experience for our lawyers, staff, practice groups, and clients, without making concessions that add unacceptable risks to the Firm. To accomplish this objective, the Senior IT Security Engineer partners closely with functional IT leadership and staff, along with Information Security, Compliance, and other cross-functional stakeholders to continuously adapt solutions to meet the evolving needs of the Firm. The role requires an individual with the skills to think both strategically and tactically to handle the operational needs of the Firm, all with the objective of delivering gold-standard services.
Duties and Responsibilities:
• Owns the IAM solutions portfolio to protect the Firm’s technology estate, including but not limited to system access management across the technology ecosystem, throughout the employee / user lifecycle from onboard to offboard.
• Partners closely with the Cyber organization and other IT Security Solutions engineers to establish common standards and objectives for the Firm’s security solutions, supports broader IT Security functional objectives as needed.
• Implements, integrates, and upgrades the portfolio of solutions for IAM (including Data Loss Prevention).
• Leads system access management / access review processes in coordination with the cyber team.
• Leads data classification management capabilities (e.g., how data is classified and managed across the firm using guidelines and standards set by the Cyber team).
• Partners closely with Information Security, Compliance, and IT leadership to architect solutions that uphold the Firm’s policies, standards, and requirements (e.g., DLP, System Access Management, Data Classification).
• Works closely with IT technical teams to evaluate, design, and uphold security standards for Firm information, computer, network, and processing systems, with particular focus on IAM (e.g., user and group provisioning, role-based access control, identity lifecycle management, privileged access management, single sign-on, multi-factor authentication).
• Ensures the confidentiality, integrity, and availability of Firm data during processing, transmission or at rest to/from/between Firm workstations, servers, databases, and applications whether on-premises or externally hosted.
• Intakes and prioritizes the response and remediation of Information Security incidents and requests, and measures performance.
• Leads continuous process development, improvement, and automation of IAM related solutions and support activities.
• Participates in the design and implementation of recommended information security controls associated with new project application/system deployments.
• Contributes to the design and supports the execution of vulnerability assessments, penetration tests, and security audits.
• Collaborates well with cross-functional stakeholders and third-party providers.
• Recommends policies, standards, procedures, and training programs for lawyers and staff to make effective use of technology.
• Delivers technology solutions for the Firm’s security related projects.
• Stays current on trends and issues in the security industry, including current and emerging technologies.
• Stays current on applicable compliance and regulatory requirements for information security controls. Assists with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements.
Qualifications:
• College degree required, preferably in Computer Science, Information Systems, or a related technical discipline. Master’s degree is preferred.
• Appropriate technical certifications are preferred.
• 5+ years of relevant experience, ideally in a large law firm setting, a comparable professional services organization, or a legal information services provider
• Demonstrated experience with IAM concepts, principles, and leading industry practices, including but not limited to: user and group provisioning, role-based access control (RBAC), identity lifecycle management, privileged access management (PAM), single sign-on (SSO), and multi-factor authentication (MFA).
• Demonstrated experience in deploying and managing global IAM solutions across a variety of platforms, tenants, and environments, including on-premises and cloud-based systems.
• Demonstrated experience with IAM integration across various systems (e.g., Active Directory, LDAP, HR / financial systems).
• Demonstrated experience working with various IAM technologies, such as identity governance and administration, access management, and identity analytics (e.g., Microsoft Identity Manager, Okta, CyberArk).
• Experience leading IT system access management and review processes and constructing a portfolio of solutions for identity and access management (with focus on data loss prevention).
• Experience with network and system security administration, including operating system security configuration and account management best practices.
• Knowledge in vulnerability assessment and penetration tools for systems and web security.
• Proven experience working in a fast paced environment.
• Demonstrated ability to serve as a change agent, leading and inspiring others to act, especially under circumstances when change is unpopular.
• Ability to establish rapport and elicit cooperation from personnel across all levels, including executive management, and cross-functional leadership.
• Ability to develop and motivate technology teams, inclusive of staff, and 3rd party vendors/consultants.
• Skilled in communications to all levels in the organization in writing, speaking, and presentation skills for work with the Firm leadership, the user community, and clients.
• Excellent problem solving and debugging skills required.
• Ability to manage complex information systems and technical personnel.
• Must be able to reliably deal with multiple competing priorities and remain calm under pressure.
• Ability to fulfill on-call duties for IT emergencies outside of Firm business hours.