About Kirkland & Ellis
Kirkland & Ellis LLP is a preeminent, full-service law firm with offices around the world and a staff as diverse as the practice areas we support. Our clients range from Fortune 100 companies to medium and small corporations, financial institutions, and private equity firms. Known for our commitment to excellence, Kirkland strives to provide superior service to our clients as well as our fellow employees. From Information Technology to Human Resources, Paralegal Services to Business Development, Kirkland offers non-attorney professionals challenging careers in a variety of functional areas. Whether starting or growing your career, Kirkland can offer a performance-driven culture filled with bright and innovative teams of co-workers.
Essential Job Functions
The Security Engineer II performs security risk assessments on new and current technologies, analyzes and reports on vulnerabilities as part of the overall vulnerability management function, collaborates with Security Architecture on projects, and provides subject matter expertise for Information Security.
- Perform Risk Assessments for IT projects, technologies and third-parties (e.g., vendors and service providers). Respond to security assessments, questionnaires and audits from clients and third-party business partners.
- Subject matter expert for Information Security, consulting to technical and non-technical management, and attorneys as necessary.
- Evaluate and recommend security technologies and solutions. Plan and execute projects to implement new technologies and controls or to upgrade existing ones. Create and maintain system, procedural and support documentation.
- Contribute to the development and maintenance of security policies, standards, processes and guidelines.
- Participate in issues management (exception and findings requests) as needed.
- Collect information on emerging threats including software vulnerabilities. Coordinate triage of and response to vulnerability information. Disseminate this information regularly to firm staff and management as appropriate.
- Participate in long-term strategy and planning for Information Security.
Qualifications & Requirements
Education, Work Experience, Skills
- Five (5) years of work experience in IT Security is required
- 4-year college degree in information technology or equivalent experience
- Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) are preferred
- Experience with assessments in Windows and Unix is required
- Knowledge of IT security controls and IT infrastructure is required
- Understanding of cloud technologies such as Microsoft Azure IaaS and SaaS
- Scripting/automation experience such as Python, PowerShell and API integrations is preferred
- Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG… is required
- Outstanding communication (verbal, written, visualization and listening) skills
- Self-starter who can work independently as well as in a team setting
- Interest in understanding customer perspective to aid in the development of the right solution
- Commitment to delivering quality solutions
- Ability to communicate technical topics to a non-technical audience
- The ability to research and solve complex security and networking challenges
- Demonstrated personal skills to effectively cooperate and communicate with business partners
- 2 plus years’ experience in the design of strong security architectures that protect networks from threats and vulnerabilities
- Demonstration of strong business acumen with analytical, interpersonal, multi-tasking, negotiations, industry knowledge, project management and communication, written as well as oral skills
- Knowledge of security technology capabilities
- Knowledge of cloud capabilities, controls and implementation
- Knowledge of security administration and role based security controls
- Knowledge of authentication technologies and their interaction with different platforms, both on-site and remote
- Knowledge of Identity & Access Management technologies
- Knowledge of anti-malware technologies
- Knowledge of Intrusion Detection and Intrusion Prevention technical capabilities
- Knowledge of both client and server firewalling technologies and their configuration and administration
- Knowledge of security systems log correlation and analysis
- Knowledge of data encryption technologies
- Knowledge of Endpoint Detection and Response tools
- Knowledge of vulnerability assessment and forensic tools
- Knowledge of web filtering and email SPAM prevention techniques
Certificates, Licensures, Registrations
- Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) are preferred.
- This job operates in a professional office environment. This role routinely uses standard office equipment such as computers, phones, photocopiers, and filing cabinets.
How to Apply
Thank you for your interest in Kirkland & Ellis LLP. To complete an application and submit your resume, please click "Apply Now."
Equal Employment Opportunity
All employment decisions, including the recruiting, hiring, placement, training availability, promotion, compensation, evaluation, disciplinary actions, and termination of employment (if necessary) are made without regard to the employee’s race, color, creed, religion, sex, pregnancy or childbirth, personal appearance, family responsibilities, sexual orientation or preference, gender identity, political affiliation, source of income, place of residence, national or ethnic origin, ancestry, age, marital status, military veteran status, unfavorable discharge from military service, physical or mental disability, or on any other basis prohibited by applicable law.
The www.kirkland.com job postings and recruiting mailbox are for candidates only. If you are a recruiter, search firm or employment agency, and do not have a signed contract with Kirkland & Ellis LLP ("K&E") and have not been asked specifically to submit candidates, you will not be compensated in any way for your referral of a candidate even if K&E hires the candidate. Direct contact with K&E employees in an attempt to present candidates is inappropriate and will be a factor in determining any future professional relationship with the Firm.