Jobs · Legal · Pennsylvania

Information Security Engineer

Duane Morris LLP · Philadelphia, PA · 1 wk ago
HybridLegalFull-time

Overview

Duane Morris LLP, a global law firm with 900+ attorneys in offices across the U.S. and around the world, offers innovative solutions to the legal and business challenges presented by today’s evolving global markets.

Engineering Responsibilities

  • Implement, administer, and improve security solutions and controls across endpoints, networks, cloud platforms, identity systems, email, and data protection solutions.
  • Partner with IT teams and internal and external business stakeholders to embed security into hardware and software evaluation, selection, installation, and configuration.
  • Analyze existing network, system, and application architectures, recommend improvements, and document how new systems or interfaces alter the security posture of the current environment.
  • Automate repeatable security tasks and improve reporting where possible.
  • Security Operations
    • Build, administer, and establish baseline configurations for a broad portfolio of security controls, including next-generation firewalls, zero trust, threat and detection engineering, EDR, vulnerability management, SIEM, identity and access management, and DLP.
    • Operate these solutions across a diverse technology landscape, acting as a subject matter expert as required.
    • Monitor, investigate, and respond to security alerts and suspected incidents.
    • Lead vulnerability and threat management activities, including scanning, triage, remediation planning, reporting, and validation.
    • Design and maintain Information Security documentation including procedures, processes and contribute to overall Information Security program management Risk Assessment
    • Continuously evaluate the threat landscape, assess systems for resilience, and implement new security technologies or controls to mitigate evolving risks.
    • Conduct regular security assessments to identify vulnerabilities and potential exposures.
    • Perform information and cyber security reviews of changes across the technology environment.
    • Work with IT and business stakeholders to make sure security is part of how new hardware and software gets evaluated, selected, and configured.
    • Support the review of cybersecurity policies, architectures, and standards.

Incident Response

  • Serve as an Incident Response Team member, supporting forensics and incident response activities including containment, recovery, root cause analysis, and post-incident improvement.
  • Apply cybersecurity and digital forensic tools and techniques to automate security tasks, streamline incident workflows, and continuously improve the Firm's overall security posture.

Project Management

  • Plan and execute Information Security projects and represent the Information Security team on initiatives led by other groups.
  • Create and maintain accurate documentation.
  • Contribute to the security awareness program.
  • Support audits, client security reviews, and due diligence requests as needed.

Qualifications

  • Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Digital Forensics or a related discipline (or equivalent experience and technical background).
  • Minimum of 4 years of hands on security experience required; SOC, DFIR or security engineering background preferred. CISSP, GSEC, GCIH, CISA, or comparable certification preferred.
  • Technical depth in two or more areas such as IAM, VPN, network monitoring, intrusion detection, web server security, wireless security, cloud security or digital forensics. Hands-on experience with web content filtering, anomaly detection, and vulnerability scanning.
  • Strong understanding of security domains across network/perimeter security, zero trust, event monitoring, vulnerability assessment, intrusion detection and response, encryption, enterprise authentication (e.g., SAML/SSO, Active Directory, 802.1x, passwordless), EDR, PIM/PAM, content filtering and data protection.
  • Working knowledge of protocols such as TCP/IP, SSH, SSL, HTTP, GRE/IPSec.
  • Experience with security standards and frameworks such as NIST CSF, ISO 27001, SOC2, CIS, OWASP including the ability to assess compliance requirements and implement necessary controls.
  • Strong written and verbal communication skills with the ability to articulate complex security topics to less or technical audiences and translate technical risk into business impact.
  • Sharp decision-making, problem-solving, and troubleshooting abilities.
  • Self-motivated, results-driven, and collaborative, with excellent time management and organizational skills. Able to manage multiple concurrent projects, forecast needs, motivate peers, and contribute to a positive, professional team culture.

Preferred Qualifications

  • Experience in a law firm, professional services, or consulting environment.
  • Experience with Microsoft security tools such as Defender, Sentinel, Entra ID, Purview, or Intune.
  • Experience with scripting or automation using PowerShell, Python, or similar tools.
  • Security certifications such as CISSP, GSEC, GCIH, CISA, Security+, Microsoft security certifications, or similar credentials.

Ideal Candidate

  • Hands-on, practical, and technically curious.
  • Comfortable working across multiple security areas.
  • Clear, professional, and effective in communication.
  • Able to operate independently while knowing when to escalate.
  • Interested in helping build a security function, not just operate existing tools.
  • Strong sense of ownership, judgment, and accountability.

Benefits

  • Comprehensive healthcare, dental, vision, and prescription plans.
  • Commute, HSA and FSA spending accounts
  • Short-term and long-term disability and life insurance coverage
  • 401k and Pension Plan
  • 20 vacation days, 11 paid holidays
  • Employee Referral Bonus ($3,000.00)

Accommodation Statement

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please contact Nate Maxwell at 215-979-1000.

California Applicants

Please visit our Privacy Notice and to learn about our information practices in the application and employment context.

Similar jobs

Information Security Engineer

Allspring Global InvestmentsMilwaukee, WI· 3 wk ago
Information Technology$70k–$95k/yrapply on careers-allspringglobal.icims.com

Information Security Engineer

Jefferson County, ColoradoGolden, CO· 1 wk ago
Information Technology$118k–$122k/yrapply on jefferson.wd5.myworkdayjobs.com