Risk & Compliance Incident Response Engineer

Wilson Sonsini is the premier legal advisor to technology, life sciences, and other growth enterprises worldwide. We represent companies at every stage of development, from entrepreneurial start-ups to multibillion-dollar global corporations, as well as the venture firms, private equity firms, and investment banks that finance and advise them. The firm has approximately 1,100 attorneys in 17 offices: 13 in the U.S., two in China, and two in Europe. Our broad spectrum of practices and entrepreneurial spirit allow our staff exceptional opportunities for professional achievement and career growth.

The firm is actively seeking a Risk & Compliance Incident Response Engineer to join the IT department. This role will be leading the incident response process and part of an operational after-hours supporting team. This position will support projects and tasks under the general direction of the Director of Information Security Governance, Risk & Compliance. This position will also work closely with the Operations, Applications, Security and ServiceDesk teams, as well as many other internal or external engineers as needed or required.

This position is available as a fully virtual work schedule.

Responsibilities:

• Monitor, investigate, report, and respond to incidents (security or operational outages)
• Categorize, prioritize, and normalize an event to determine if it meets the threshold of a potential incident and declare an incident
• Coordinate response, triage and escalation of incidents affecting the information assets, IT operations and IT processes
• Assist in after-action activities resulting from any findings associated with an incident
• Assist and maintain standard operating procedures (SOPs) and runbooks to meet the needs of IR requirements
• Assist in ServiceNow IT service delivery
• Assist in building methodologies to enhance incident investigation processes
• Identifying hidden risks within technical controls, IT operations and processes
• Develop a comprehensive and accurate reports for all incidents
• Review DLP violation reports received from NetDocuments, or O365, and prepare violations reports
• Assist with NIST – CSF audit and provide recommendation for the remediation activities
• Assist in maintaining compliance with all IT policies and procedures
• Interact with threat management systems/tools to find critical/high risk systems and create threat analysis reports and initiate follow-up action, and help reducing the risk

Qualifications:

• Bachelors or higher degree in Computer Science, Cybersecurity, Information Technology, or related field of study desired
• ServiceNow experience and certifications desired
• 3+ year’s relevant experience in risk and compliance and cybersecurity
• One or more security certifications such as GCIH, CISSP, Security +, or other relevant security certification(s) required
• Knowledge of the NIST Cybersecurity Framework (CSF), NIST 800-53 and 800 – 61
• Knowledge of cloud environment such as MS O365 or AWS is preferred
• Possess strong analytical, problem-solving, multitasking and time management skills
• Excellent technical writing and verbal communication skills
• Must be able to work under pressure and meet deadlines, while maintaining a positive attitude and providing exemplary customer service
• Ability to work independently and to carry out assignments to completion within parameters of instructions given, prescribed routines, and standard accepted practices

The primary location for this job posting is in Washington, D.C.. The actual base pay offered will depend upon a variety of factors, including but not limited to the selected candidate’s qualifications, years of relevant experience, level of education, professional certifications and licenses, and work location. The anticipated pay range for this position is as follows: $105,400 - $142,600 per year.

The compensation for this position may include a discretionary year-end merit bonus based on performance. We offer a highly competitive salary and benefits package.

Benefits information can be found here. Equal Opportunity Employer (EOE).