Senior Security Threat Specialist

Practice Group / Department:

IT Security – Operations and Risk

Job Description

We are a global law firm with a powerful strategic focus and real momentum. Our industry-focused strategy is seeing us take on pioneering work in places that others have yet to reach. Our shared values define our culture and our workplace. You will find us to be unusually collegial, team-oriented, and ready to innovate. We work seamlessly across practices, offices and around the world. This elimination of boundaries has allowed us to evolve into a law firm that works as hard for its culture as it does for its clients.

The Information Security team, led by the Global Chief Information Security Officer (CISO), work with unified principles and processes around the world while maintaining regional stakeholder relationships. High standards are achieved by the adherence to international best practice principles (ISO 27001) and continual improvement methodologies.

The scope of the Information Security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. In many cases, the operational running of security controls is the responsibility of IT Service Delivery teams or departments such as HR, Facilities, Procurement, General Counsel, etc. The Information Security team remains responsible for ensuring the effectiveness of the overall control framework and ensuring that any related risks are identified / incidents managed.

The Role

The Senior Security Threat Specialist is a position in the global Information Security function at Norton Rose Fulbright. The role is responsible for proactively managing the threat landscape at the firm. Primary responsibilities include vulnerability management and threat management (including threat hunting). Other tasks include threat intelligence, threat hunting and service ownership of our vulnerability management products (such as Qualys, Rapid 7, Tenable Nessus, OpenVAS).

The Senior Security Threat Specialist role will work with colleagues and stakeholders in multiple geographies. The Threat Specialist will perform threat management, threat modelling, identify threat vectors and develop use cases for security monitoring. They will also determine the relevance of the threat to our business, through the application of a risk-based methodology and take action or pass action on to the relevant teams to counter the threat. The Threat Specialist will also identify vulnerabilities using multiple technologies (Vulnerability management platforms, penetration testing reports, Bitsight ratings, etc.) and operate the vulnerability management process ensuring remediation to target.

The success of this role is dependent upon building a lasting alignment between Information Security technology and business requirements. In particular, the role must take into consideration:

• The special requirements of the Firm with regard to client confidentiality, as well as regulatory requirements such as data protection.
• Achieving a balance between protecting the firm and ensuring that users can work effectively; being pragmatic but cognizant of risk.

Skills and Experience Required

• 5-10+ years in cybersecurity, with at least 3 years specifically focused on threat analysis, incident response, or related roles.
• Experience working in large, geographically dispersed global organizations where IT and Information Security have played a key role to the business.
• Experience in leading teams, projects, or initiatives related to threat intelligence or incident response.
• Direct experience with advanced persistent threats (APTs), nation-state actors, or other sophisticated attack groups.
• Involvement in real-world incident response cases and remediation.
• Experience with governing vulnerability management processes and technologies.
• Experience with the creation of reports, dashboards and metrics for presentation to senior management.
• Technical knowledge of various Information Security technologies and evidence of a continuous learning mind-set.
• Integrity and professionalism, with a consistent and uncompromising adherence to best practice.
• Stakeholder management skills, including the ability to communicate complex Information Security concepts in business language.
• Passionate and driven to exceed expectations and to deliver with integrity.
• A relevant industry certification, such as ethical hacking, CompTIA Security+, CISSP, SSCP, or similar, is an advantage.
• ISO 27001 qualification and / or experience is an advantage.

Norton Rose Fulbright US LLP is committed to providing employees with a comprehensive and competitive benefits package that supports you, your health, and your family. Benefit packages include access to three medical plans, dental, vision, life, and disability insurance. Employees can also access pre-tax benefits such as health savings and flexible spending accounts. Norton Rose Fulbright helps provide financial security by allowing employees to participate in a 401(k) savings plan and profit-sharing plans if eligible. Full- time employees are eligible to access fertility benefits designed to support fertility and family-forming journeys.

In addition to the Firm’s health and welfare benefits above, we offer a competitive paid time off plan, which provides a minimum of 20 days off based on your role and tenure with the firm. The firm offers a generous paid parental leave benefit allowing parents to take a minimum of 14 weeks of paid leave to bond with your newborn, or adopted child(ren). Employees are also entitled to 11 Firm holidays.

Norton Rose Fulbright US LLP is an Equal Opportunity/Affirmative Action Employer and complies with all applicable federal laws and their implementing regulations that require the collection and recording of certain data and information. The information we receive will not be used to make any decision regarding employment and will be kept separate from your application. Similarly, self-identification information is kept confidential and used only in accordance with applicable federal laws and regulations. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Norton Rose Fulbright is committed to providing reasonable accommodation as an Equal Opportunity Employer to applicants with disabilities. If you require assistance or accommodation to complete your application, please contact us.hr@nortonrosefulbright.com. Please provide your contact information and a description of your accessibility issue. We will make a determination on your request for reasonable accommodation on a case-by-case basis.

E-Verify is a registered trademark of the U.S. Department of Homeland Security. This business uses E-Verify in its hiring practices to achieve a lawful workforce.

Equal Employment Opportunity hiring-jobs.com EEO is the Law – Supplement hiring-jobs.com Pay Transparency