Senior Analyst, Information Security

About The Position

Requirements

• Technical bachelor’s degree or equivalent IT / Information Security experience (required).
• At least 5 years’ experience working within Information Security infrastructure or vocation to move from another technical discipline.
• Proven ability to adapt quickly to emerging threats or new information, shifting focus as needed.
• Demonstrated expertise in Microsoft 365 Defender and Azure Sentinel for detecting, investigating, and responding to suspicious behaviors and anomalous activities.
• Familiarity with endpoint security solutions and security infrastructure, including EDR, vulnerability management tools, DLP solutions, and removable media encryption.
• Working knowledge of cloud based web and email filtering solutions such as , Zscaler, Mimecast, Proofpoint, or Cisco.
• Experience with securing cloud environments (AWS, Azure, GCP), including configuration management, identity and access controls, monitoring, and incident response.
• Experience with security automation and orchestration, including the use of scripting languages (such as PowerShell or Python) and SOAR platforms to streamline incident response, automate repetitive tasks, and enhance overall security operations.
• Strong knowledge of security technologies (e.g., firewalls, IDS/IPS, EDR, SIEM).
• Experience of introducing Information Security improvement through effective deployment of technology and / or processes to move to a proactive footing in security management or demonstrating similar in current technical discipline.
• Experience working with a service management tool.
• Keen sense of responsibility, ability to set a professional example and desire to adhere to defined security practices.
• Strong technical security understanding.
• Self-motivated and able to work calmly and methodically under pressure.
• Excellent interpersonal skills, exceptional levels of personal integrity and the ability to communicate clearly at all levels through reports, presentations and forming effective matrixed relationships.
• Skilled in applying an agile approach to task management, ensuring responsiveness to dynamic risk landscapes.
• Cooperative, service-orientated, individual and established team worker, comfortable working in a geographically dispersed team.
• Good judgement when it comes to confidentiality and sensitivity of information of which they may become aware through the course of their duties.
• Adaptable and keen to learn new skills.

Nice To Haves

• Security-related certification e.g. CompTIA Security+, GSEC, CISSP, CISA, CCSP (preferred).
• Good understanding of security frameworks such as ISO 27001, NIST, Mitre (preferred).
• Familiarity with cloud security tools (e.g., Microsoft Defender for Cloud, AWS Security Hub), and cloud compliance frameworks (e.g., CIS, CSA CCM) is highly desirable.
• Familiarity with legal tech platforms (e.g., iManage, Relativity, NetDocuments) is a plus.

Responsibilities

• Act as a champion for Information Security best practice and policies.
• Act as an intermediate escalation point and technical mentor for other members of the analyst team.
• Operate and manage security incidents and requests to SLA guidelines.
• Review, action, and escalate, any unusual event behavior identified.
• Assist with development and maintenance of the Firm-wide security infrastructure configuration, policies and procedures, identifying improvements to procedures, and reporting on incidents.
• Actively promote security governance in support of the Information Security policies, to ensure appropriate measures are taken to secure the Firm’s confidentiality and integrity.
• Encourage cooperative working with all business functions to achieve shared goals, ensuring skills transfer and technical security awareness within the teams. This includes writing process documents and conducting training.
• Work cooperatively with project teams to ensure that new project and changes adhere to Information Security policies and governance standards.
• Identify threats and vulnerabilities.
• Keep a technical industry awareness of security risks and exposures and proactively promote effective counter-measures.
• Configure appropriate security parameters in monitoring systems and act as a technical point of escalation for any alerted issues.
• Perform document reviews and privileged account reviews.
• Ability to triage and remediate phishing and impersonation attacks in a timely and efficient manner as the risk dictates.

Benefits

• Norton Rose Fulbright US LLP is committed to providing employees with a comprehensive and competitive benefits package that supports you, your health, and your family.
• Benefit packages include access to three medical plans, dental, vision, life, and disability insurance.
• Employees can also access pre-tax benefits such as health savings and flexible spending accounts.
• Norton Rose Fulbright helps provide financial security by allowing employees to participate in a 401(k) savings plan and profit-sharing plans if eligible.
• Full- time employees are eligible to access fertility benefits designed to support fertility and family-forming journeys.
• In addition to the Firm’s health and welfare benefits above, we offer a competitive paid time off plan, which provides a minimum of 20 days off based on your role and tenure with the firm.
• The firm offers a generous paid parental leave benefit allowing parents to take a minimum of 14 weeks of paid leave to bond with your newborn, or adopted child(ren).
• Employees are also entitled to 11 Firm holidays.