Arnold & Porter has an opening for a Senior Information Security Analyst in the Washington, DC office. The Senior Analyst is a technical security lead and expert responsible for supporting security operations, engineering, and architecture functions and efforts for Arnold & Porter. Under the direction of the Director of Information Security & Compliance, the Senior Analyst is a wide ranging, hands-on role encompassing the design, implementation and maintenance of advanced security technologies, performing in-depth security reviews for new projects and technologies, providing frontline response for all security incidents, and performing security risk assessments.
Responsibilities include but are not limited to: • Functioning as the primary resource/lead for the Firm's key security platforms including the coordination of design, implementation, and maintenance of those platforms within the Information Security and other IT operations teams. • Performing and leading as directed and required, the front line security incident response as a member of a 3 person on-call rotation. Providing timely investigation and resolution to all suspicious email reports, malware instances, and other security events. Helping lead continuous improvement of the team's incident response effort through automation, process maturity, and other activities as appropriate and applicable. • Assessing and reviewing the Firm's current technology infrastructure to identify key risk areas, ensuring that adequate controls are in place to address those risks. Taking a lead position to research specific security technologies and controls as requested by senior management. • Helping lead efforts to automate mundane or time-intensive security operations tasks and processes including the integration of these automation efforts and initiatives into the security architecture in a transparent and supportable way to augment the Information Security team’s current abilities. • Using established processes to conduct detailed, written security reviews for vendors, projects, and technologies. The security review process includes conducting initial intake interviews with stakeholders, researching and performing due diligence, using third party risk management tools, conducting risk assessments, and presenting final recommendations for moving forward in a secure manner. • Leading efforts to improve cyber threat intelligence (CTI) gathering, analysis, and management. • Conducting periodic scheduled processes and procedures such as running vulnerability scans, and periodic privileged access reviews as assigned and directed. • Maintaining operational responsibility for the information security team's ticketing queue, primarily relating to the evaluating and managing tickets requesting policy exceptions. • Offering insights and collaborating within the team to provide input to strategic and tactical planning, initiatives, and projects.
Qualifications: • Minimum of five (5) years of experience in Information Security. • Minimum of three (3) years of experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security. • Four year college degree preferred; equivalent experience will be considered. • CISSP, GIAC or other similar certifications are preferred. • Technical expertise, experience and understanding of Windows, Unix/Linux, and Active Directory as well as core networking protocols, including TCP/IP, UDP, DNS, DHCP, HTTP/HTTPS, routing protocols. • Ability to communicate complex technical information to a non-technical audience. • Strong project and task management skills required. • Effective oral and written communication with the ability to identify the appropriate method of communication. • Strong team collaboration, self-initiative and motivation skills. • Excellent organizational and problem-solving skills. • Proficiency in handling a number of projects simultaneously. • Ability to read, analyze, and interpret general business periodicals, professional journals, technical procedures, or governmental regulations. • Ability to write reports, business correspondence, and procedure manuals. • Ability to effectively present information and respond to questions from groups of managers, clients, customers, and the general public.
Arnold & Porter is an equal opportunity and affirmative action employer that does not discriminate on the basis of race, color, creed, religion, national origin, sex (which includes pregnancy, childbirth, breastfeeding and related medical conditions), age, marital status, sexual orientation, gender, gender identity, gender expression, transgender, disability, medical condition, family leave status, citizenship status, ancestry, genetic information, military or veteran status, or any other characteristic protected by local, state, or federal laws, rules, or regulations. Our Firm's policy applies to all terms and conditions of employment. To achieve our goal of equal opportunity, Arnold & Porter maintains an affirmative action plan through which it makes good faith efforts to recruit, hire and advance in employment qualified minorities, females, individuals with disabilities and protected veterans. If you would like more information about your EEO rights as an applicant under the law, please click EEO is the LAW and the Supplement poster.
Arnold & Porter is an Equal Opportunity Employer - M/F/Veteran/Disability/Sexual Orientation/Gender Identity.