Information Security Analyst

This role is primarily responsible for executing the tactical and strategic initiatives of the Information Security team to include programs such as risk and vulnerability management, incident response, security architecture, cloud security and third-party vendor management. Work is typically assigned by the Information Security Manager, although the Information Security Analyst is expected to operate with minimal oversight and be able to identify areas of opportunity to get involved with information security tasks and initiatives. The ideal candidate is comfortable working in a fast-paced environment, communicating to technical and non-technical staff, and capable of switching between tasks as situations and criticality arise and be passionate about learning and continuous education.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

• Execute on security strategy as defined by the Information Security Manager.
• Participation in the Firm’s Vulnerability Management Program, working with cross-functional teams to identify, manage and mitigate security vulnerabilities across the Firm.
• Assist with the administration of the Firm’s Vendor Risk Management process, including analyzing and responding to third-party risk assessments.
• Monitor and respond to information security alerts and notifications (IDS/IPS, SIEM, AV/EDR, etc.).
• Design, review and administer Azure cloud security controls and architecture, including auditing Azure cloud environments.
• Utilize scripting languages such as PowerShell and Python to automate tasks and improve security operations.
• Collaborate and advise on IT projects to ensure security issues are addressed throughout the project life cycle.
• Assist other IT teams in developing and employing security solutions across various applications and product platforms.
• Administer and utilize various endpoint and network security tools, such as CrowdStrike, SIEM tools, Fortinet or other comparable advanced detection and response tools.
• Administer and utilize vulnerability scanning, packet analysis and exploitation tools such as Nessus, nmap, Wireshark, tcpdump, Metasploit or similar technologies.
• Design, review and aid with implementation of secure networks and system architecture (ex. network topology reviews, firewall ruleset reviews, minimum security baselines, etc.).
• Apply appropriate controls referenced in various security frameworks and standards, such as the NIST CSF Framework, NIST -, CIS Controls, etc.
• Monitor and secure Microsoft client and server systems, along with Fortinet and Cisco (or comparable) network devices.
• Assist with the management and maintenance of user security policy education, training and awareness programs.
• Conduct security research to stay abreast of latest security issues, including laws and regulations which may affect the Firm.
• Other duties as requested and assigned.

QUALIFICATION REQUIREMENTS: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

EDUCATION/EXPERIENCE:

• Bachelor’s Degree in Computer Science, Management Information Systems or related field with a minimum of - years of experience in Information Technology, or equivalent combination of education and experience. This must include - years of experience in Information Security with two or more of the following domains: Windows Systems Administration, UNIX/Linux Systems Administration, Networking, Access Control, Incident Response, and Information & Data Security.
• Preferred Certifications: Certified Information Systems Security Professional (CISSP) GIAC GSEC, GCIH, GCIA, GCWN, or equivalent certification CompTIA Security+, CySA+, Network+, CASP or equivalent certification Microsoft Azure Security Certifications ( AZ-, SC- to SC-)

TECHNICAL SKILLS:

• Demonstrated proficiency in Microsoft Office Suite including Word, Outlook, Excel, and PowerPoint.
• Proven aptitude to learn new software applications.

LANGUAGE SKILLS:

• Very strong communication skills, both written and oral. Excellent interpersonal communication skills necessary to maintain effective relationships with staff, trusted third-party partners, attorneys and clients. Establish credibility with staff and attorney base through quality work and communications that bring to bear the right mix of confidence, tact, persistence and reliability. Written communications must be concise, professional and accurate.

MATHEMATICAL SKILLS:

• Ability to add, subtract, multiply, and divide in all units of measure, using whole numbers, common fractions, and decimals.

REASONING ABILITY:

• Ability to apply common sense understanding to carry out instructions furnished in written, oral, or diagram form.
• Ability to deal with problems involving several concrete variables in standardized situations.
• Ability to define problems, collect data, establish facts and draw valid conclusions.
• Ability to interpret an extensive variety of instructions and deal with several abstract and concrete variables.
• Exhibit independent thinking and decision making.
• Ability to interpret an extensive variety of instructions in mathematical or diagram form and deal with several abstract and concrete variables.
• Ability to think strategically, develop tactics and execute pragmatically.

OTHER SKILLS and ABILITIES:

• Excellent organizational and planning skills with ability to prioritize multiple tasks and projects to meet deadlines.
• Ability to work under pressure in a fast-paced environment with demanding individuals.
• Strong analytical and organizational skills with a tolerance for uncertainty and an ability to prioritize and complete simultaneous projects with minimal supervision.
• Outstanding creativity; flexibility and persistence; motivation and energy with the ability to work with little supervision and collaborate with other members of the team.
• Ability to work overtime when needed. Work occasionally requires more than hours per week to perform the essential duties of the position.
• A tolerance for uncertainty and an ability to prioritize and complete simultaneous projects with minimal supervision.
• Thorough understanding of technologies that can be applied to firm operations and enhance working efficiency.
• Ability to exercise discretion with confidential and sensitive information.

PHYSICAL DEMANDS: The physical demands described here are representative of those that should be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• While performing the duties of this job, the employee is regularly required to sit; use hands to finger, handle, or feel objects, documents, books, pen/pencil, paper, controls and manipulate a keyboard, and input data into a PC; and talk or hear. The employee is frequently required to walk.
• The employee is occasionally required to use hands to prepare correspondence and reports on a personal computer.
• The employee is occasionally required to stand and reach with hands and arms. And stoop, kneel, bend, crouch or crawl.
• Ability to operate a variety of standard office equipment including a computer, copy and facsimile machines.
• The employee must occasionally lift and/or move up to pounds.
• Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception and the ability to adjust focus.

WORK ENVIRONMENT: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• The noise level in the work environment is usually moderate.

The salary offered in any location will be determined by a wide range of factors, including, but not limited to, experience level, education/training, geographic region, and relevant skills. Associates also participate in a performance- and hours-based bonus program. The expected annual salary for this position ranges from $,- $,

Baker & Hostetler LLP is an Equal Opportunity Employer.

LI-Remote