Information Security Analyst

Perkins Coie LLP is seeking an experienced Information Security Analyst. This position will perform duties related to keeping Perkins Coie information systems, data and personnel secure through the implementation and maintenance of an effective information security program. Specifically, the Threat and Vulnerability Analyst will use their specialized expertise to implement a proactive program that identifies vulnerabilities in operating systems and applications and incorporates threat intelligence information to define a risk-based management program that improves the firm’s security posture.

Primary responsibilities:

• Collection, analysis and reporting of actionable intelligence for the Information Security team and supporting organizations.
• Manage, monitor, and communicate the information security risks associated with inherent and residual vulnerabilities that may result in harm or disruption.
• Work closely with key stakeholders from IT, Business and Support functions to gather requirements, understand priorities, and communicate impact and context of vulnerabilities.
• Develop metrics that will measure the effectiveness of practices and controls to mitigate threats and vulnerabilities on a periodic basis.
• Develop dashboards that illustrate the effectiveness of risk mitigation over time.
• Responding to security incidents and reports from monitoring systems and personnel.
• Implement appropriate security controls, to meet security objectives and standards while allowing flexibility for the practice of law.

The ideal candidate will possess work experience in the areas of information security, vulnerability management, application testing, systems development and/or computer programming. They will have a detailed knowledge of at least one operating system and corresponding security controls such as Microsoft Windows, Apple macOS or Linux. The candidate must have experience with threat intelligence platforms and integration of threat information into a vulnerability management program. Excellent oral and written communications skills are a plus, as well as experience conducting penetration, application or vulnerability testing against a variety of platforms. Ability to exercise command scripts and execute programs to obtain the desired results and experience with patch management systems, such as SCCM and Flexera, are needed.

This position requires 2 year of information security operations experience, Bachelor’s degree preferred. Certifications in a related security domain such as SANS GCIA, or GSEC preferred.