The Information Security Engineer is responsible for maintaining and supporting the firm’s cybersecurity tools, systems, and operations. This hands-on technical role ensures alignment with established policies, procedures, and security objectives by assisting in the implementation, configuration, and monitoring of security technologies. The Information Security Engineer will work closely with IT and security teams to identify and respond to threats, remediate vulnerabilities, and uphold the security of firm assets and data.

This position plays a critical role in the day to day operations of the firm’s information security program. The ideal candidate will possess strong technical expertise, attention to detail, and the ability to clearly communicate security concepts. The Information Security Engineer must be capable of acting swiftly and decisively during incidents and will contribute to the firm’s proactive defense strategies and compliance initiatives.

Responsibilities 

• Monitor and support daily security operations, including analysis and maintenance of cybersecurity tools and infrastructure. 
• Investigate, respond to, and document security incidents, assist with root cause analysis and corrective actions. 
• Manage and contribute to cybersecurity projects by planning, coordinating, and executing initiatives such as security tool deployments, configuration enhancements, and remediation efforts.
• Assist in the execution of the firm’s vulnerability management program and risk mitigation efforts across IT systems. 
• Maintain and optimize security tools such as SIEM, EDR, vulnerability management platforms, and secure email gateways. 
• Collaborate with IT teams to incorporate security best practices into system implementations and configurations. 
• Recommend and apply technical controls to enforce security policies and support compliance with regulatory and client requirements. 
• Contribute to the delivery of security awareness training and education in partnership with the Information Governance team. 
• Provide status updates and reports to the Director of Information Security on operational performance, risks, and project progress. 
• Assist in the completion of client security assessments and the implementation of related remediation tasks. 
• Support the management of relationships with security vendors and third-party service providers, ensuring deliverables meet expectations. 
• Participate in security assessments and testing of systems, networks, and applications. 
• Contribute to the development and refinement of security policies and procedures based on evolving threats and best practices. 
• Work cross functionally with IT and other departments to ensure alignment with the firm’s cybersecurity goals. 
• Support compliance and audit efforts by gathering evidence, tracking remediation, and reporting as needed. 
• Stay current on emerging security threats, technologies, and industry trends. 
• Assist in the continuous improvement of security operations, tools, and incident response processes.

Experience and Requirements

• Bachelor’s degree in information systems, cybersecurity, or related field, or equivalent experience. 
• CISSP or similar certification is required, additional certifications (e.g., CISM, CEH, GIAC) are a plus. 
• Minimum of 4 years of experience in information security or a related IT security focused role. 
• Hands-on experience with security technologies, including SIEM, EDR, vulnerability management tools, firewalls, and email security platforms. 
• Demonstrated ability to investigate and respond to security incidents and alerts. 
• Familiarity with information security frameworks such as NIST CSF or ISO 27001. 
• Knowledge of relevant regulatory and compliance standards (e.g., HIPAA, GDPR, SOX). 
• Ability to draft and contribute to security documentation, policies, and procedures. 
• Strong analytical, troubleshooting, and problem-solving skills. 
• Effective written and verbal communication skills, with the ability to explain complex topics to various audiences. 
• Experience contributing to or supporting security awareness initiatives is preferred. 
• Highly organized and capable of managing multiple tasks in a fast paced environment.