We are always seeking talented, motivated, growth-minded, and creative individuals. Our firm is committed to providing employee support and advancement, while embracing inclusion and innovation as keys to a stronger future.
We invite you to explore the position below and to submit your application to join our team!
The Information Security Analyst will assist with the execution of IT security standards and best practices to ensure information system security across the enterprise. The Analyst will execute routine security operation procedures in response to security toolset alerts and security related service desk tickets, which may include SIEM analysis, malware analysis, cyber forensics, and system or application troubleshooting. The Analyst ensures information security controls are prioritized and maintained when clients and/or vendors require access to internal databases/applications.
Essential Duties and Responsibilities:
Provide consultation on security issues, staying abreast of current malware and other potential internet security threats.
Monitor compliance with information security policies and procedures, referring problems to the appropriate department manager.
Manage the Event Log Management system(s), investigating alerts, notifications, and events.
Perform security assessments of systems using tools to monitor and audit events.
Maintain current knowledge of information security changes, and plan for changes in response to dynamic business needs.
Continually develop skills, knowledge, and abilities to improve processes and procedures as well as to keep updated on trends and developments in the industry.
Participate in information security programs as needed and when directed.
Maintain information security policies and procedures to ensure security strategies are followed to meet the organizational security goals and standards.
Identify and resolve risks in accordance with the Firm’s security risk assessment processes.
Act as a liaison to the Information Systems department and monitor compliance with security standards; direct unsolved issues to the appropriate stakeholders/system owners.
Report information security incidents as per the incident response policy; manage RCA and remediation as directed by department leadership.
Review vulnerability scanning results regularly and report gaps to appropriate managers.
Analyze suspicious emails for potential threats and make remediation recommendations.
Analyze and respond to alerts from state-of-the-art endpoint detection and response toolsets.
Knowledge, Skills, and Abilities:
Knowledge of host hardening, auditing, logging and monitoring, network security, SIEM deployments, security analytics, anomaly detections, etc.
Possess a high level of personal integrity, the ability to professionally handle confidential matters, demonstrate the appropriate level of judgment and maturity, and instill confidence in both internal clients and team members.
Demonstrate a high degree of initiative and ability to work with little supervision.
Possess excellent written, verbal, and interpersonal skills to communicate and collaborate between highly specialized groups of professionals and law firm personnel, including partners and administrative managers.
Critical thinker with strong problem-solving, analytical, and organizational skills.
Strong knowledge of technological trends and developments in information and cyber security.
Demonstrated ability to analyze complex information security problems and recommend or implement solutions.
Ability to multi-task as well as prioritize appropriate actions to ensure obligations are met.
Education and/or Experience:
Bachelor’s degree in Cyber Security, Computer Science, Information Systems or related field; any equivalent combination of training, education and experience to meet the core responsibilities of the role may be considered.
Minimum of three (3) years of information security work experience in areas such as security operations, cyber forensics, and incident response.
Information security certifications (e.g. CISA, Security+, CySA+, PenTest+, GSEC) preferred.
Direct experience with Microsoft Active Directory, Group Policy Object management, email security, networking, firewalls, web filtering solutions, and malware detection and prevention techniques; Windows Server 2016, 2019, and 2022 Administration, Windows Event Management, and Windows Advanced Firewall experience is preferred.
Previous experience with cloud technologies (e.g., Azure AD, Entra ID, Intune) beneficial.
Demonstrated experience with next-generation cybersecurity software, such as CrowdStrike, Carbon Black, Windows Defender, Zscaler, Proofpoint, Cisco Umbrella, and similar, is preferred.
The Firm will comply with any applicable city or state workplace mandates in effect in regards to Covid-19.
This position description is intended to describe the general content of and requirements for the performance of the job. The statements contained in the position description are not necessarily all-inclusive and additional duties and responsibilities may be assigned as determined by business needs.
This position description does not constitute a written or implied contract of employment.
Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
California Applicants: Please visit our Privacy Notice and Notice at Collection to learn about our information practices in the Job Application and Employment context.
Equal Employment Opportunity
Troutman Pepper adheres to a policy of equal opportunity and will make all employment decisions, which include hiring, promotion, transfer, demotion, evaluation, compensation and separation, without regard to race, color, religion, sex, age, sexual orientation, gender identity or expression, national origin, pregnancy, citizenship, disability, genetic information, marital or armed forces status and any other classification as protected by law.
Compensation is dependent on several factors, such as position, location, education, training, and/or experience.
Hiring Salary Range: