Foster Garvey PC, one of the Pacific Northwest's leading law firms, is looking for an Information Technology Security Engineer to join our Seattle office IT team. This position will lead the charge in developing, testing, documenting, and implementing information security controls and solutions firm wide. The ideal candidate will be an innovative forward thinker with a track record of successfully leading teams in proactive security compliance.
Responsible for developing, implementing, monitoring, and enforcing security policies and procedures for the Firm’s Information Technology.
Define, build, and manage control test plans to test, validate, and audit controls. Test plans may include hands on testing of infrastructure to validate control effectiveness.
Recommend new and enhance existing policies, standards, procedures, and guidelines to prevent the unauthorized use, release, modification, or destruction of firm data.
Perform network and systems audits, vulnerability scans, and implement system hardening standards.
Design and build the security infrastructure for all IT related projects.
Manage and maintain configuration and patch management process.
Research and analyze emerging security threats and recommend industry best practices for mitigating the Firm’s risk.
Collaborate with local IT teams, consultants, Information Governance, and General Counsel in promoting and establishing an ideal security structure for the all firm practices.
Communicate complex concepts with senior management, IT personnel, auditors, and external stakeholders in a clear and concise manner.
Key stake holder for change control process and procedures.
Perform Vendor Risk Assessments.
Provide security awareness orientation, training, and direction to all Firm employees.
Perform other tasks under the direction of management.
Specific Duties & Responsibilities, Percentage Of Time
50% Technical Security
25% Project Management
10% Liaison to other department heads, users and stakeholders.
10% Research and analysis.
5% Other duties as assigned.
5 + years' experience operating as a security resource in an enterprise environment
Must hold a current Certified Information Systems Security Professional (CISSP) certificate
Certifications in one or more of the following preferred: ISO 27001 Lead Auditor/Implementer, GIAC, GPEN, CISA, CRISC
Cisco, Juniper, and Sonicwall networking security experience required
Prince2, PMP, ITIL, MCSE certifications a plus
Scripting skills in Python, Bash, Pearl, and/or Powershell a plus
Hands on experience with security tools and solutions – PKI, AV, IPS/IDS, vulnerability and penetration testing, OS Hardening, VPN, Content Filtering, Proxies etc.
Direct experience building enterprise security compliance policies
Strong time management and organization skills required
Strong project management skills required
Must be a team player with excellent interpersonal and communication abilities
Ability to communicate at a technical level with technical professionals and communicate complex technical concepts to non-technical Firm management
BA/BS Degree in Computer Science, Information Technology/Security/Assurance, or other engineering discipline is desirable but not required.
Medical, dental, 401K, competitive wages and transportation subsidy.
To apply for this position, visit www.foster.com/careers and complete the online application, including your resume and a cover letter.