Security Tooling Engineer

The role

This is a new role, reporting to the Head of Information Security requires a fast-learning and self-motivated individual to add capability and capacity to our small team.

Information & Cyber Security is evolving to dynamic business needs, a rapidly changing threat environment, and the firm's own ambitious IT Strategy. This role will help play a key part in implementing and improving the underlying processes required to provide a structured, systematic, and audited approach to Information & Cyber Security Systems and products that are used by the firm. The role will have clear areas of focus combined with periodic involvement in a broad spectrum of security activities. This role will look after the service and engineering requirement of Security owned services. This is a unique role as it will act as a service owner with both service and technical engineering as core parts of their role.

Who you will work with

You will work with Head of Information Security, Security Architects and Cyber Security team.

What you will be responsible for

• Has experience of A.I. (ChatGPT/Microsoft Co-Pilots, Claude) and understanding of Generative A.I workflow and leads the Security A.I tooling.
• Ensure that the Firm has the requisite engineering capability to investigate, prevent and remediate against security breaches, incidents, and deviations from security procedures.
• Own and a manage the relationship of Information and Cyber Security owned technology service lines. Liaising with suppliers technical and operations service to maintain the operational effectiveness of security engineering state. Where products fail to perform or require intervention with the Head of Information Security to rectify the problem.
• Take accountability to produce high-quality support documentation and knowledge base articles necessary to support the implementation of a new or significantly changed security owned services.
• Provide support and cover for certain time-critical elements of Information Security team responsibilities, such as incident management, security investigations and associated tasks.

What you will do

• Provides engineering support to Security Power Platform services (PowerAutomate/LogicApps/PowerBI/Azure Foundry etc.) Develop and oversee any security related system scripting or query building that needs to be performed to preserve system stability and/or reliability, availability, and continuity (Python, PowerShell, KQL).
• Has solid understanding of GitHub and secure development environments as well as various SaaS, PaaS and IaaS environments (Microsoft, Google, Amazon Aws)
• Work alongside with Security Architects to develop low level solution designs, manage the implementation of designs and make sure the designs are approved by the appropriate architecture authorities
• Support and Engage with the Architecture, Technical Design Authority and Project Management functions to understand high level project design, constraints, business requirements and the features required of any design
• Maintain familiarity with common attack techniques and their remediation/defence including EDR/XDR, DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc.
• Strong understanding of Operating Systems and Cloud Security Engineering focusing on controls and capabilities. With a Solid grasp of security protocols, cryptography, authentication, authorisation, and network security implementations
• Implement and configure tools to improve our reactive and proactive security posture, such as collaborating with other teams to develop automation strategies
• Participate in the evaluation, selection and implementation of security products and technologies. 

Your experience

• The candidate must have experience of portfolio of technology products from an IT and Security Engineering perspective. Full understanding of how security products require extra configuration and attention to detail from normal IT based products.
• They should have at least be able demonstrate clearly from experience the implementation of at least two security engineering services.
• Ideally the candidate will have a working knowledge of ISO27001, SANS20 and NIST cyber security frameworks. They should be able to rapidly assimilate technical information to assess and document risks, have the knowledge and skills to engage with different levels of seniority, balance the need to obtain information with provision of support and advice, and continually demonstrate how Information Security supports the firm's business objectives and our clients' need for information assurance. They should be able to apply an organised approach to managing and prioritising multiple concurrent assignments.
• Although no formal qualifications are mandated, the successful candidate is likely to be degree educated and have one or more of the following – ITIL, CISSP, CISA, CISM or CRISC.
• It is essential that the successful candidate is a self-starter with an inquisitive, pragmatic, and flexible approach backed by the tenacity to pursue enquiries through to a timely conclusion.  It will be important to remain focussed on the strategic goals whilst maintaining an eye for detail. 
• The role may bring the candidate into contact with sensitive information and, as such, the ability to press ahead to a pragmatic conclusion whilst exhibiting the utmost discretion is important.
• Experience in developing and using structured documentation process, format, logical content, version control etc is also important 

How we will support you

From your first day with us, you will have varied opportunities to continuously grow and development your skills and knowledge. From formal training, informal coaching and mentoring through to skills-based and technical training and on the job learning 

Who we are

We are one of the largest international law firms in the world. With over 30 offices across the globe, we strive to exceed the expectations of our clients, providing them with the highest-quality advice and legal insight, which combines the firm’s global standards with in-depth local expertise.

Our firm, work and people span jurisdictions, cultures, and languages. We offer our clients a truly international perspective. We believe every career should be rewarding and stimulating - full of opportunities to learn, thrive, and grow. That’s why we’re so proud of our inclusive, friendly, and team-based approach to work.

You’ll find our clients in commercial and industrial sectors, the financial investor community, governments, regulators, trade bodies, and not-for-profit organisations. But no matter who they are or why they’ve reached out to us, we provide a world-class service every step of the way. And that’s possible thanks to the entrepreneurial spirit and conscientious approach to work that you’ll find across all of our teams.

Whichever area of the business you join, you’ll become an integral part an innovative, diverse and ambitious team of people. Clifford Chance is a place where the brightest minds and the best of colleagues meet.

Equal opportunities statement

At Clifford Chance, we understand that our true asset is our people. Inclusion is good for our team and their families, our firm and society.

We are committed to treating all employees and applicants fairly and equally regardless of their gender, gender identity and expression, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age.  This applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment.

We have a variety of flourishing employee networks. These networks are a place for colleagues to share experiences and advocate for change wherever they see an opportunity for improvement.

Our goal is to deliver an equality of opportunity, an equality of aspiration and an equality of experience to everyone who works in our firm. 

Find out more about our inclusive culture here

#LI-Hybrid