SANS ISC: InfoSec Jobs

This listing has expired and therefore is not publicly viewable.

Senior Information Security Engineer
Company: Davis, Polk, and Wardwell LLP
Location: NYC
Preferred GIAC Certifications: GCIH, GPEN, GCIA
Travel: 10%
Salary: Not provided
URL: Not provided
Contact Name: Human Resources
Contact Email: hr.ny/at/
Expires: 2021-05-05

Job Description

Davis Polk & Wardwell LLP is looking to grow their Information Security function by adding a hands-on and dynamic Senior Information Security Engineer that will be a major contributor.

The firm is looking for a motivated individual to work on a diverse set of security related projects and operational

This position requires an active hands-on security practitioner who is at an expert Tier 3 level of understanding of how to identify, investigate and respond to potential suspicious activity using best of class tools and methods. They should have the capabilities and orientation towards a “purple” team mindset; the ability to both red team test and validate security controls using suitable tools, contemporary techniques and self-developed scripts and then be able to recommend, champion and assist in implementing “blue” team solutions and defenses to address risks identified from that red team testing.

This individual will be involved in the operational and project sides of cyber security and should be both enthused and adept at both.

Along with their expert cyber security knowledge, they should be naturally capable of mature and clear communication, be team oriented, have appropriate time management skills, and have the ability to provide knowledge growth and dissemination throughout the

This is not in any way an auditor or pure pen testing

Essential Duties and

Typical responsibilities include, but are not limited to, the
• Monitor and identify appropriate opportunities to optimize the performance and status of all cybersecurity
• Participate in the timely root cause analysis, handling and resolution of security incidents.
• Utilize advanced software and hardware tools to identify and diagnose problems affecting network security and/or presenting security risk.
• Perform internal vulnerability assessments and penetration tests to identify risks.
• Assist in security compliance efforts.
• Work closely with the various technology teams in a collaborative culture representing operational and security standards.
• Assist in security project implementation from conception, design, testing and implementation.
• Contribute to long-term security design strategy and roadmap, core security architecture, and
• Seek to identify and recommend processes to continue to optimize the delivery and value of Cyber security services to the firm.
• MUST HAVE: Direct hands-on working knowledge with a variety of Security tools including but not limited to Firewall, VPN, SIEM, IDS/IPS, EDR, Pen Testing, malware analysis and protection, content filtering, logical access controls, DLP, Sniffers, content filtering technologies, vulnerability scanners, forensics software, and security incident response.
• Solid understanding of standard business processes including Change Management, Problem Management, Work Prioritization, Quality Assurance, and Continuous Improvement best practices.
• Experience in using scripting languages to automate tasks and manipulate data.
• Keeps well informed of emerging security products, services, and standards with the goal of recommending appropriate tech and processes that move forward the continuous improvement of the firm’s security posture.
• Ability to work in a fast-paced complex environment, with the ability to multi-task, change direction, effectively prioritize, and meet deadlines when
• A commitment to being a motivated part of a dynamic forward-thinking team, with the ability to work effectively and optimistically with both local and remote staff, teammates and managers.
• Strong verbal and written communication skills.
• Ability and desire to share appropriate knowledge and experience with others.

Education and/or
• Bachelor’s degree in Computer Science, Information Technology or a closely related discipline is preferred but not a necessity for a candidate with extensive
• A minimum of 7 or more years required of combined IT and security work experience (at least 5 of those years security specific and all 7 years, hands-on and technical) with a broad exposure to infrastructure/network and multi-platform environments (Windows & Unix).
• Security related certifications are a plus. SANS/GIAC certifications, especially in the 500 Series,