Senior Information Security Specialist

Department

The Information Security Group is responsible for the firm’s information and cyber security.

Role Summary/Purpose of Job

The Senior Information Security Specialist is responsible for safeguarding our enterprise-level systems and data through managing threat hunting, vulnerability management, remediation, and conducting advanced red teaming exercises. The Senior Information Security Specialist will work collaboratively with cross-functional teams, ensuring security measures align with industry best practices, including the NIST and ISO Frameworks.

Key Responsibilities and Deliverables

• Conduct advanced threat hunting activities to identify and mitigate security threats.

• Lead vulnerability assessments and oversee the remediation process across enterprise systems.

• Plan, execute, and manage internal and external red teaming exercises to identify security gaps and weaknesses in systems, processes, and defences.

• Develop actionable recommendations based on red teaming results to enhance organisational security.

• Collaborate with internal stakeholders to ensure red team findings are understood and integrated into continuous improvement efforts.

• Maintain and enhance security operations in alignment with the NIST frameworks.

• Develop and implement security measures tailored to hybrid environments, with a focus on Azure and Google Cloud platforms.

• Utilise and manage Microsoft Defender, SIEM, and other threat management tools for monitoring and responding to incidents.

• Collaborate with IT, engineering, and business teams to mitigate threat and align to security practices across the firm.

• Stay current on emerging cyber threats and technologies, advising on potential impacts to the firm.

Key Requirements

• Experience in cybersecurity, with a focus on enterprise-level systems.

• Extensive experience in threat hunting, vulnerability management, and remediation.

• Proven expertise in managing and securing hybrid environments, particularly Azure and Google cloud.

• Strong understanding of technology infrastructure, including servers, networks, and databases.

• Demonstrated experience planning and conducting red teaming exercises, both internally and with external partners, to uncover vulnerabilities or gaps in security.

• Strong understanding of the methodologies and tools used in red teaming, including penetration testing techniques, social engineering, and physical security assessments.

• In-depth knowledge of the NIST frameworks and its practical implementation.

• Good knowledge of industry risk frameworks including specifically ISO27001:2022.

• Hands-on experience with Microsoft Defender, SIEM, and other leading threat management tools.

• Strong analytical skills with the ability to interpret complex data and develop actionable insights.

• Excellent communication skills for effectively liaising with technical and non-technical stakeholders.

Desirable

Relevant information and cybersecurity certifications (e.g., CISSP, CISM, CEH, or equivalent) are highly desirable

Inclusion

Freshfields is an equal opportunities employer and all applications received by the firm will be considered based on their merit alone and we welcome applications from all suitably qualified individuals regardless of background. All offers of employment will be conditional on the candidate having/securing the right to work in the UK and providing the firm with evidence of that right (as required by the Immigration, Asylum and Nationality Act 2006) prior to employment commencing.

Freshfields is a Ban the Box employer. We ask applicants to disclose criminal convictions only when a conditional job offer is made. A conviction does not automatically lead to withdrawal of the offer: we make decisions on a case-by-case basis and take a number of factors into account (e.g. the role you are applying for and the circumstances of the offence). You would have the opportunity to discuss the matter with us before we make a decision.