Information Security Engineer

Duane Morris LLP

Philadelphia

Description

Job Title: Information Security Engineer

Department: Information Services

FLSA Status: Exempt

Overview: Duane Morris LLP, a global law firm with 900+ attorneys in offices across the U.S. and around the world, offers innovative solutions to the legal and business challenges presented by today’s evolving global markets.

Summary:

The Information Security Engineer is a technical leader and hands-on practitioner responsible for safeguarding the Firm's information assets. This individual engineers, deploys and administers security solutions and controls that defend the enterprise against evolving threats while preserving business agility and innovation. The role spans networks, systems, and data environments, and includes partnering with IT and business stakeholders on security projects and participating in incident response. The engineer brings a consultative mindset, anticipating stakeholder needs and driving security projects that elevate the Firm's overall posture. The ideal candidate combines deep technical curiosity, a passion for security and a desire to learn continuously and share knowledge with others.

Engineering Responsibilities:

  • Implement, administer, and improve security solutions and controls across endpoints, networks, cloud platforms, identity systems, email, and data protection solutions.
  • Partner with IT teams and internal and external business stakeholders to embed security into hardware and software evaluation, selection, installation, and configuration.
  • Analyze existing network, system, and application architectures, recommend improvements, and document how new systems or interfaces alter the security posture of the current environment.
  • Automate repeatable security tasks and improve reporting where possible.

Security Operations

  • Build, administer, and establish baseline configurations for a broad portfolio of security controls, including next-generation firewalls, zero trust, threat and detection engineering, EDR, vulnerability management, SIEM, identity and access management, and DLP.
  • Operate these solutions across a diverse technology landscape, acting as a subject matter expert as required.
  • Monitor, investigate, and respond to security alerts and suspected incidents.
  • Lead vulnerability and threat management activities, including scanning, triage, remediation planning, reporting, and validation.
  • Design and maintain Information Security documentation, including procedures and processes, and contribute to overall Information Security program management.

Risk Assessment

  • Continuously evaluate the threat landscape, assess systems for resilience, and implement new security technologies or controls to mitigate evolving risks.
  • Conduct regular security assessments to identify vulnerabilities and potential exposures.
  • Perform information and cyber security reviews of changes across the technology environment.
  • Work with IT and business stakeholders to make sure security is part of how new hardware and software gets evaluated, selected, and configured.
  • Support the review of cybersecurity policies, architectures, and standards.

Incident Response

  • Serve as an Incident Response Team member, supporting forensics and incident response activities including containment, recovery, root cause analysis, and post-incident improvement.
  • Apply cybersecurity and digital forensic tools and techniques to automate security tasks, streamline incident workflows, and continuously improve the Firm's overall security posture.

Project Management

  • Plan and execute Information Security projects and represent the Information Security team on initiatives led by other groups.
  • Create and maintain accurate documentation.
  • Contribute to the security awareness program.
  • Support audits, client security reviews, and due diligence requests as needed.

Qualifications:

  • Bachelor's degree in Computer Science, Information Systems, Computer Engineering, Digital Forensics or a related discipline (or equivalent experience and technical background). Minimum of 4 years of hands-on security experience required; SOC, DFIR or security engineering background preferred. CISSP, GSEC, GCIH, CISA, or comparable certification preferred.
  • Technical depth in two or more areas such as IAM, VPN, network monitoring, intrusion detection, web server security, wireless security, cloud security or digital forensics. Hands-on experience with web content filtering, anomaly detection, and vulnerability scanning.
  • Strong understanding of security domains across network/perimeter security, zero trust, event monitoring, vulnerability assessment, intrusion detection and response, encryption, enterprise authentication (e.g., SAML/SSO, Active Directory, 802.1x, passwordless), EDR, PIM/PAM, content filtering and data protection.
  • Working knowledge of protocols such as TCP/IP, SSH, SSL, HTTP, GRE/IPSec.
  • Experience with security standards and frameworks such as NIST CSF, ISO 27001, SOC2, CIS, and OWASP, including the ability to assess compliance requirements and implement necessary controls.
  • Strong written and verbal communication skills with the ability to articulate complex security topics to technical or less technical audiences and translate technical risk into business impact.
  • Sharp decision-making, problem-solving, and troubleshooting abilities.
  • Self-motivated, results-driven, and collaborative, with excellent time management and organizational skills. Able to manage multiple concurrent projects, forecast needs, motivate peers, and contribute to a positive, professional team culture.

Preferred Qualifications:

  • Experience in a law firm, professional services, or consulting environment.
  • Experience with Microsoft security tools such as Defender, Sentinel, Entra ID, Purview, or Intune.
  • Experience with scripting or automation using PowerShell, Python, or similar tools.
  • Security certifications such as CISSP, GSEC, GCIH, CISA, Security+, Microsoft security certifications, or similar credentials.

Ideal Candidate:

  • Hands-on, practical, and technically curious.
  • Comfortable working across multiple security areas.
  • Clear, professional, and effective in communication.
  • Able to operate independently while knowing when to escalate.
  • Interested in helping build a security function, not just operate existing tools.
  • Strong sense of ownership, judgment, and accountability.

Benefits:

  • Comprehensive healthcare, dental, vision, and prescription plans.
  • Commuter, HSA and FSA spending accounts.
  • Short-term and long-term disability and life insurance coverage.
  • 401k and Pension Plan.
  • 20 vacation days, 11 paid holidays.
  • Employee Referral Bonus ($3,000.00).

Accommodation Statement: If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please contact Nate Maxwell at 215-979-1000.

California Applicants: Please visit our Privacy Notice and to learn about our information practices in the application and employment context.

Disclaimer: The above is intended to describe the general content of and requirements for the performance of this job. It is not a contract or employment agreement and is not to be construed as an exhaustive statement of all functions, responsibilities or requirements. In addition, Duane Morris reserves the right to amend, suspend or terminate any benefit plan, in whole or in part, at any time. The authority to make such changes rests with the Plan Administrator.