The Information Technology Department of Arnold & Porter has an opening for an Information Security Engineer in the Washington, DC office or may work 100% virtual/remote in a firm-approved U.S. state as part of the “Gideon” office.  The Information Security Engineer is a technical security expert responsible for supporting security operations, engineering, and architecture functions and efforts for Arnold & Porter.  Under the direction of the Manger of Information Security, the Information Security Engineer helps to ensure the overall security posture of the firm, and is expected to be involved in day-to-day security operations and contribute to ensuring the integrity and availability of the firm’s IT and application infrastructure and the confidentiality, integrity, and availability of the firm’s data in support of enterprise IT objectives and client service delivery needs.

Responsibilities include but are not limited to:

• Security Operations
  
  • Performing security log and event analysis taking appropriate action as directed or required to address security risk issues or events / incidents using EDR, SIEM and log aggregation systems.
  • Monitoring and proactively executing the vulnerability management program to prevent or reduce IT hygiene risk issues from impacting production systems.
  • Maintaining and managing security toolsets as assigned, that help to mitigate or respond to security events and incidents including, but not limited to:
    
    • Application control systems
    • EDR/AV
    • Email Security platform
    • Attack simulation platform
    • Threat intelligence/hunting
    • Security related artificial intelligence tools
  • Supporting security incident response and investigation efforts as directed.
  • Helping validate and track IT operational activities to ensure compliance with policy, standards, and other applicable requirements, or as directed by organizational needs.
  • Researching and identifying security vulnerabilities and relevant industry / cybersecurity trends for follow-up and action.
  • Regularly reporting and tracking IT security events and metrics along with remediation activities.
  • Helping support third-party risk management efforts as assigned.
  • Helping support the firm security awareness training program as assigned.
  • Helping support the firm’s IT Compliance efforts as assigned.
  • Participating in IT Security on-call rotation.
• Security Engineering & Architecture
  
  • Advising and assisting with planning of security systems and standards by evaluating network and security technologies, developing security requirements for the enterprise infrastructure, and maintaining overall user access and data protection control in support of enterprise objectives and client service delivery.
  • Reviewing newly requested applications and SaaS and application changes for security impacts and possible remediation to address security risk.
  • Actively participating in the enterprise Change Advisory Board (CAB).
  • Conducting research and providing recommendations on methods, software, and technologies to mitigate risk exposures.
  • Helping to develop and contribute to security policies, standards and procedures to maintain an appropriate security posture and/or compliance with applicable requirements.

Qualifications:

• Education/Experience
  
  • Four year college degree preferred; equivalent experience will be considered.
  • Minimum of three (3) years of experience in Information Security, or equivalent experience in IT-related fields with secondary security responsibilities.
• Technical Skills
  
  • Experience and understanding of Windows, Unix/Linux, and Active Directory.
  • Solid understanding of core networking protocols, including TCP/IP, UDP, DNS, DHCP, HTTP/HTTPS, routing protocols.
  • Experience and technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, application security, and cloud security.
  • Proficient in Windows operating systems, Microsoft Office Suite, and related software.
  • Skilled in leveraging artificial intelligence tools for daily work.
  • Strong remote collaboration capabilities.
• Communication & Writing
  
  • Communicate complex technical information clearly to non-technical audiences.
  • Excellent oral and written communication, including reports, business correspondence, and procedure manuals.
  • Effective presenter to diverse groups, including managers, clients, and the public.
  • Ability to identify and apply the appropriate method of communication.
• Professionalism & Judgment
  
  • Strong personal initiative, judgment, and professionalism.
  • High level of confidentiality and discretion.
  • Exceptional client service for both internal and external stakeholders.
• Problem-Solving & Strategic Focus
  
  • Strong problem-solving skills and strategic thinking.
  • Ability to define goals, prioritize tasks, and follow through to achieve results.
  • Detail-oriented with excellent organizational and time management skills.
  • Capable of handling multiple tasks in fast-paced environments.
• Flexibility & Commitment
  
  • Reliable, dependable, and motivated.
  • Flexible to work additional hours as needed.
  • Willingness to travel (1–4 weeks per year, or more if required).

The anticipated base salary for this position is $122,000 to $160,000. The actual base salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job.

For benefits information, please click here https://www.arnoldporter.com/en/careers/professional-staff/benefits.

The firm may provide a discretionary bonus annually.