
Information Security Threat Analyst
Gibson Dunn is a leading global law firm, advising clients on significant transactions and disputes. Our exceptional teams craft and deploy creative legal strategies that are meticulously tailored to every matter, however complex or high-stakes. The firm’s work is distinguished by a unique combination of precision and vision.
Based in New York, the Information Security Threat Analyst is responsible for detecting, investigating, and responding to information security events and incidents across the firm. The ideal candidate will have a strong background in law firm technology and a very good grasp of global law firm culture and its associated high sensitivity environment. Given the nature of the role, having the ability to build a level of trust with a wide array of stakeholders is of key importance.
This role reports to the Incident Response Lead.
Responsibilities include:
Incident Response & Security Operations
- Analyze and respond to security events and alerts generated by the firm’s security technologies, end users, and Managed Security Service Providers (MSSPs).
- Play a significant role in containing and remediating information security incidents, escalating in line with defined workflows and any relevant SLAs.
- Review alerts, context, and logs using the firm’s security information and event management (SIEM) platform and related tooling, and thoroughly document the results of investigations.
Threat Intelligence Management
- Manage the firm’s threat intelligence feeds, with a particular focus on improving the quality, relevance, and actionability of the sources consumed.
- Define and own the firm’s forward-looking threat intelligence strategy, particularly as AI reshapes the threat landscape.
- Establish a proactive threat hunting capability to identify threats and anomalous activity within the firm’s environment before they escalate.
Digital Forensics
- Build out and mature the firm’s digital forensics capability, including the selection and operation of appropriate forensics tooling.
- Conduct forensic analysis in support of investigations involving firm devices and data, coordinating with the wider InfoSec team, the Office of the General Counsel (OGC), and Human Resources (HR) as required.
- Ensure evidence is collected and preserved in a forensically sound manner, maintaining documented chain of custody appropriate to a legal environment and to potential litigation or regulatory review.
Red & Purple Team Coordination
- Serve as the internal owner for red and purple team engagements, defining the firm’s requirements, scope, and objectives for these specialized exercises.
- Manage the relationship with the third-party providers who deliver these engagements and ensure findings are tracked through to remediation.
Vendor Engagement & Management
- Provide ongoing oversight and coordination of the firm’s existing security vendors, ensuring they deliver against expectations and contractual commitments.
- Act as a key internal point of contact to keep vendor activity aligned with the firm’s security priorities.
- Support security due diligence and assessment of third-party vendors that handle firm or client data, in coordination with the firm’s procurement and risk functions.
Qualifications:
- Excellent interpersonal and leadership skills; able to brief executives under pressure.
- Ability to work in a multi-office environment and willingness to travel to other offices as needed.
- Strong written and oral communication skills.
- Organized, responsive and highly thorough problem solver.
Experience:
- University degree in a technology related discipline preferred.
- 3 years of experience working within the technology function, preferably within a global law firm, including significant time in dedicated information security roles with a focus on incident response and detection.
- Demonstrable experience with the core technologies used within a global law firm.
- Working knowledge of recognized security frameworks such as ISO27001 is helpful
- Proven discretion in handling highly confidential and privileged information, with sound judgment in a high-sensitivity environment.
Gibson Dunn will consider for employment qualified Applicants with Criminal Histories in a manner consistent with the requirements of local law.
Compensation & Benefits:
The annual compensation range for this position is $120-150k. The salary offered within this range will depend upon qualifications and other operational considerations.
Benefits offered for this position include health care; retirement benefits; paid days off, including sick time, and vacation time; parental leave; basic life insurance; Flexible Spending Accounts; as well as discretionary, performance-based bonuses.
______
For technical difficulties with our online application, please contact us at staffrecruiting@gibsondunn.com. Our recruiting support team will respond as soon as possible.
______
Gibson Dunn is committed to ensuring equal employment opportunities for all qualified applicants, including individuals with disabilities. We strive to ensure an inclusive and accessible hiring experience. The Firm will provide reasonable accommodations to qualified individuals with disabilities to enable participation in the application and recruitment process, unless doing so would impose an undue hardship, in accordance with applicable laws and regulations.
If you require a reasonable accommodation to complete an application, participate in an interview, or otherwise take part in the recruitment process, please contact us at recruiting-accommodations@gibsondunn.com. Please note, this is a dedicated email inbox established exclusively to assist applicants with accommodation request related to the recruitment process. Inquiries about the status of an application or other non-accommodation matter will not receive a response.
Apply for this job
*
indicates a required field