Working hours: Full-time (9:30 am - 5:30 pm Monday to Friday)
Department: Information Technology
Location: London
The firm
Simpson Thacher & Bartlett LLP is one of the world’s leading international law firms. The Firm was established in 1884 and has more than 1,000 lawyers. Headquartered in New York with offices in Beijing, Brussels, Hong Kong, Houston, London, Los Angeles, Palo Alto, São Paulo, Tokyo, and Washington, D.C., the Firm provides coordinated legal advice and transactional capability to clients around the globe.
Description/Job Summary
Reporting to the Security Operations Center (SOC) Senior Manager, this person will work alongside an expanding team of information security professionals with the shared goal of protecting the Firm’s security posture and staying one step ahead of threat actors. The person in this role will develop and integrate an Incident Response (IR)/SOC security infrastructure to monitor the Firm’s on-prem and cloud environments, articulate technical security requirements, monitor the effectiveness of the IR/SOC, make recommendations for enhancements, and help raise the level of security awareness.
The Senior IR-SOC Engineer serves as a critical bridge between operations and engineering. This highly skilled professional has additional experience integrating SOC systems, people, and processes. The role includes implementation, maintenance, and configuration of key SOC technology initiatives.
Responsibilities/Duties
* Drive and improve continuous monitoring and incident response, serving as a senior resource in our SOC and Incident Response processes.
* Configure and integrate platforms, tools, service providers, and solutions into our IR/SOC systems, making recommendations as needed.
* Consolidate and improve security logging and monitoring solutions on-premises and in the cloud to detect and respond to security threats in real time.
* Drive and guide efforts to automate and accelerate the detection and response processes.
* Coach and mentor SOC Analysts on process, tools, and skills development.
* Partner with Security Engineers to assess and select appropriate security controls and technologies related to continuous monitoring and incident response.
* Ensure integration of input from the Firm’s deployed suite of security tools to SOC systems (e.g., SIEM/SOAR), including, but not limited to, IDS/IPS, Endpoint Protection, MDR/XDR, PAM, MFA, DNS Security, and cloud security posture management.
* Ensure the Firm's Incident Response and security monitoring systems adhere to security best practices and baselines so that platforms and resources remain securely configured.
* Advise and work closely with the Identity and Access Management (IAM) team to ensure IR/SOC visibility into authentication to the Firm’s resources.
* Participate in the computer security incident response team efforts and other security investigation activities as assigned, including on-call escalation rotation.
* Assist leadership with trend analysis, reporting, and metrics development to drive continuous improvement.
* Lead tactical and strategic level efforts to develop processes and runbooks as well as capture lessons learned and improve tools and processes.
* Provide technical assistance to IT staff in the detection and resolution of security problems.
* Coordinate multiple projects concurrently and influence the decision-making process.
* Communicate and report issues, status, and results to senior management.
* Perform other duties as assigned.
Required Skills
* 8+ years of hands-on experience in information security related responsibilities with a strong focus on SOC engineering, incident response, and threat detection/hunting.
* In-depth knowledge of IR/SOC monitoring, alerting, and investigation tools, platforms, processes, and architecture.
* Experience working with cloud security technologies (AWS, Azure DevOps, Kubernetes, GCP, etc.) including cloud log analysis, monitoring, detection, and incident response.
* Experience with SOC use of SIEM, SOAR, IDS/IPS, DLP, and Endpoint security.
* Experience with third-party security monitoring solutions and providers.
* Ability to effectively prioritize and execute tasks.
* Ability to effectively present information verbally and in writing.
* Must be able to work collaboratively in a team environment and independently.
* Ability to handle sensitive and/or confidential material and information with suitable discretion.
* Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors.
Required Education
Required:
* Bachelor’s (or Master’s) degree in information security, IT, related discipline, or equivalent experience.
Preferred:
* Professional certifications such as GIAC Certified Incident Handler (GCIH); GIAC Certified Intrusion Analyst (GCIA); Certified Information Systems Security Professional (CISSP).
Details
Salary and Benefits: Competitive.
Simpson Thacher is committed to ensuring that everyone can reach their full potential, irrespective of background, identity, or circumstance. We know that we are at our best when we bring together diverse experiences and perspectives. This is why we are focused on fostering a collegial environment that maximizes collaboration, empowering every individual to thrive and succeed.