The Senior Information Security Engineer is responsible for monitoring the IT security infrastructure within the Firm’s on prem and Azure cloud environments, articulating technical security requirements, monitoring the effectiveness of the existing IT security controls framework, making recommendations for enhancements, and raising the level of security awareness. The incumbent will be a part of the security team of engineers that safeguards the infrastructure and information across the Firm worldwide. This role involves implementation, maintenance and configuration of key Firm security initiatives.

• Engineer and design cloud security solutions within Microsoft Azure, make recommendations as needed
• Implement and / or improve logging and monitoring solutions in Azure and M365 to detect and respond to security threats in real time.
• Assess and select appropriate security controls and technologies for cloud environments.
• Assist with the management of the Firm’s deployed suite of security tools, including, but not limited to, SIEM, IDS/IPS, APT’s, End Point Protection Deception technology, PAM, MFA, DNS Security, CSPM, SSPM etc.
• Ensure the Firms Cloud systems adhere to Azure security best practices and baselines to ensure a secure configuration of Azure resources.
• Leverage the Firm's already deployed suite of tools to verify security controls within our cloud platforms, making recommendations as needed
• Advise and assist in Identity and Access Management (IAM) of Cloud resources, working closely with the IAM team to secure authentication to the Firm’s cloud resources.
• Advise and assist the Email and Applications team on secure policy creation within the M365 environment. (Sharepoint/onedrive, Teams, Exchange Online)
• Provide security guidance and support to Infrastructure Azure developers and engineers.
• Participate in the computer security incident response team efforts and other security investigation activities as assigned
• Work with other IT teams and participate in project design meetings from a security perspective.
• Drive continuous improvement through trend analysis reporting and metrics management
• Provide technical assistance to IT staff in the detection and resolution of security problems
• Coordinate multiple projects concurrently and influence the decision making process
• Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks
• Communicate and report issues, status, and results to senior management
• Perform other duties as assigned

• 8 years of experience in information security related responsibilities
• In-depth knowledge of Azure cloud services and architecture.

• Experience with Microsoft Defender for Cloud, Microsoft Defender for 365 and Microsoft Sentinel.
• Knowledge of Microsoft Entra ID , conditional access policies, and Azure Policy.
• Experience with Azure CLI and powershell.
• Experience in Azure Devops and scanning in CI/CD pipelines.
• Experience with logging in Azure using Azure Monitor, Event Hubs, and log analytic workspaces.
• Experience with Azure IAM technologies including Entra Identity Protection and JIT.
• Experience with Defender for M365 (Anti-phishing protection, anti-spoofing, anti-spam protection, Safe-Attachments, Safe Links, anti-malware solution)
• Knowledge with Terraform and securing terraform code.
• Knowledgeable in DLP, SIEM, AV, APT, Deception Technology, CSPM, SSPM
• Ability to effectively prioritize and execute tasks
• Ability to effectively present information verbally and in writing
• Must be able to work collaboratively in a team environment and independently
• Ability to handle sensitive and/or confidential material and information with suitable discretion
• Excellent interpersonal skills and a professional demeanor; ability to work effectively with all levels of Firm personnel and vendors

• Bachelor’s degree required
• Professional certifications, such as CISSP, CCSP, CCSK, or AZ-500.

Salary Information

NY only: The estimated base salary range for this position is $160k to $180k at the time of posting.

The actual salary offered will depend on a variety of factors, including without limitation, the qualifications of the individual applicant for the position, years of relevant experience, level of education attained, certifications or other professional licenses held, and if applicable, the location in which the applicant lives and/or from which they will be performing the job. This role is exempt meaning it is not overtime pay eligible.

Privacy Notice

For information about how Simpson Thacher & Bartlett LLP collects and processes your personal information, please refer to our Privacy Notice available at https://www.stblaw.com/other/privacy-notice.