IT Security Engineer

Washington, District of Columbia, United States | Full-time | Partially remote

Apply

ZwillGen is a boutique law firm that represents some of the biggest names in technology on a range of Internet-related legal issues including cybersecurity, privacy, government surveillance, alternative data, and fantasy sports. We offer a hard-working, joyful, and casual work environment.

ZwillGen PLLC is looking for an IT Security Engineer who is ready to hit the ground running, hungry for a challenge and wants to work in a predominantly Mac OS environment!  We are seeking a highly skilled and detail-oriented Security Engineer to join our law firm’s IT department. The Security Engineer will be responsible for implementing and maintaining robust security measures to protect our firm's sensitive data, including client and firm information, legal documents, and communications. The ideal candidate will have a deep understanding of cybersecurity principles, experience with security infrastructure, and the ability to anticipate and mitigate potential security threats. This role will also provide support to ZwillGen’s subsidiaries.

Key Responsibilities

·       Conduct regular security assessments, vulnerability testing, and risk analysis to identify potential threats to the firm’s IT systems. Recommend and implement appropriate risk mitigation strategies.

·       Primary contact for third party audits of the Firm’s security practices in connection with potential certifications (ISO Certification)

·       Develop and maintain firm incident response plans and corporate security policies and procedures. Lead investigations of security incidents and respond promptly to security incidents, minimizing the impact on the firm’s operations. Conduct regular IRP testing.

·       Ensure compliance with relevant legal and regulatory requirements (e.g., CCPA, GDPR, HIPAA). Develop, update, and enforce security policies and procedures tailored to the law firm environment.

·       Work with external teams (SOC, EDR vendors) to continuously monitor network traffic, security logs, and alerts for suspicious activity. Generate and present regular reports on the security status to senior management.

·       Manage and deliver security awareness training for staff, promoting best practices and reducing the risk of human error.

·       Administer and maintain user end point security measures and provide expertise in all security related applications and software.

·       Review, complete and submit third party security questionnaires from clients and review outside counsel guidelines  

·       Work closely with legal teams, IT staff, and external vendors to ensure that security measures are integrated into all aspects of the firm’s operations, including new projects and technologies.

·       Manage the regular updates and patching of security agents to systems and software to protect against vulnerabilities.

  • Assist in the design, implementation and management of the firm’s security solutions, including firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus software, encryption protocols, and secure access controls
  • Collaborate with the IT team and other administrative personnel in review of new or existing systems and software to ensure security requirements are satisfied, (including risk assessment).
  • Manage the firm’s vendor management program including the evaluation and audit of security practices of third-party vendors.
  • Other duties may be assigned.

 

Qualifications

·       Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent experience may be considered.

·       Minimum of 3+ years of similar level role in cybersecurity, with a focus on security engineering. Experience in the legal or financial sector is a plus.

·       Industry certifications such as CISSP, CISM, or equivalent are highly desirable.

Technical Skills

·       Proficiency in security technologies, including firewalls, VPNs, SIEMs, IDS/IPS, and endpoint protection.

·       Strong understanding of encryption technologies, secure coding practices, and network security protocols.

·       Familiarity with compliance requirements such as CCPA, GDPR, HIPAA, and other relevant regulations.

·       Familiarity with security certifications (e.g, ISO, SOC)

·       Strong problem-solving and analytical skills, with the ability to identify and mitigate risks effectively.

·       Excellent written and verbal communication skills, with the ability to convey complex security concepts to non-technical staff.

·       High level of attention to detail and the ability to manage multiple tasks in a fast-paced environment.

  • Experience with cloud platforms such as Microsoft Azure, MFA and Identity components within Entra (Enterprise Applications/App Registrations, etc.).

Why Join Us?

·       Opportunity to work in a dynamic and respected law firm with a commitment to data security and client confidentiality.

·       Collaborate with a dedicated team of professionals in a supportive and inclusive work environment.

·       Competitive salary and benefits package, including opportunities for professional development.

Compensation

ZwillGen is committed to providing transparency in compensation, in accordance with applicable wage transparency laws, The salary range for this position is $130,000 - $150,000 annually. Actual compensation will be determined based on factors such as the candidate's qualifications, skills, and experience.

Additionally, ZwillGen offers a comprehensive benefits package, including medical, dental and vision insurance, 401(k) retirement plan, paid time off, and short-term and long-term disability, which are available to employees in this role.