Security Analyst
Chartwell Law
About the role
The Security Analyst will play a critical role in establishing and operating the firm’s information security program. As the firm builds its security department, this role will focus on laying foundational security controls, supporting compliance and client security requirements, monitoring for threats, and partnering closely with IT, Operations, and the firm’s MSP. This position is ideal for a pragmatic, hands-on security professional who is comfortable building processes from the ground up and helping a growing organization mature its security posture in a highly regulated legal environment.
Primary Job Duties
Security Operations & Monitoring
- In tandem with the MSP’s SOC, monitor security tools and alerts (e.g., endpoint protection, SIEM, email security, identity logs) and investigate suspicious activity.
- Triage, document, and escalate security incidents in coordination with IT and leadership.
- Assist with incident response activities, including containment, remediation, and post-incident reviews.
Program & Control Development
- Help create annual audits of current core security controls, policies, and procedures, and make recommended changes as needed.
- Take ownership of the ThreatLocker process and create a regular review of the permitted policies.
- Assist in reviewing and improving baseline security standards for endpoints, identities, email, and cloud services (Microsoft 365, etc.).
- Support vulnerability management activities, including scanning, remediation tracking, and risk prioritization.
Compliance & Client Security Requirements
- Support client-driven security audits and questionnaires (e.g., SOC 2-aligned controls, insurance carrier assessments).
- Maintain evidence and documentation for security controls, policies, and operational procedures.
- Assist with risk assessments and exception tracking.
Identity, Access & Data Protection
- Support identity and access management processes (user access reviews, MFA enforcement, privileged access).
- Assist in protecting sensitive legal and client data through technical and procedural controls.
- Assist with third-party vendor risk reviews and management.
- Partner with IT on secure onboarding, offboarding, and access changes.
Awareness & Collaboration
- Work with IT, Operations, HR, and outside vendors to embed security into firm processes.
- Assist with security awareness initiatives, including phishing simulations and training campaigns.
- Contribute to a security-first culture that balances protection with legal practice efficiency.
Key Competencies
- Communicating - Legal Professionals provide the information required by others in a concise, direct, and unambiguous way. They perceive how the message affects the receiver and strive to ensure that the receiver clearly understands the specifics and function of the message.
- Conflict Management - Legal Professionals address problems openly and objectively and bring substantial conflicts and disagreements into the open with the intention of resolving issues in an unemotional and constructive manner.
- Professionalism - Legal Professionals set high standards and serve as role models for work performance, ethical conduct, and respect for others. They consistently conduct themselves in a manner consistent with generally accepted moral principles and values and within the guidelines and best practices of their profession.
- Planning & Priority Setting - Legal Professionals identify priorities and develop detailed action plans that include objectives, accountabilities, time frames, standards, review stages, and contingencies.
Other Duties
Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.
Requirements
- 2–5 years of experience in information security, IT security, or a closely related IT role.
- Working knowledge of:
  - Endpoint security and EDR tools
  - Identity and access management concepts
  - Email security and phishing attack patterns
  - Common security frameworks and best practices (NIST, CIS, ISO concepts)
- Experience supporting security investigations or incident response.
- Strong documentation skills and attention to detail.
- Ability to explain security risks and recommendations in clear, non-technical language.
Preferred Qualifications
- Experience in a law firm environment.
- Familiarity with ThreatLocker and CrowdStrike.
- Exposure to compliance frameworks (SOC 2, ISO 27001, HIPAA-related controls, client security audits).
- Security certifications or progress toward one (Security+ or similar).
- Experience helping build or mature a security program rather than joining an established one.