IT Security Engineer

Overview

Orrick currently has an excellent opportunity for an IT Security Engineer I. This position could be based in any of our U.S. offices.

The IT Security Engineer I will serve as the first line of defense in our security operations, managing day-to-day security incidents while developing their technical security expertise. This role reports to the Director of IT Security Infrastructure and Architecture and works closely with the security team to maintain the firm’s security posture.

• Manage and triage the security ticket queue, ensuring timely response to security incidents and requests
• Respond to security alerts from EDR, SIEM, email security tools, and other monitoring systems
• Investigate and respond to phishing reports, analyzing email headers, embedded content, and malicious links
• Assist with malware analysis using sandboxing tools and containment when necessary
• Assist with documentation of incident response activities and execute security playbooks
• Participate in security incident response activities, including after-hours on-call rotation

• Provide engineering support for security infrastructure projects
• Assist in implementation and maintenance of security tools and technologies
• Support vulnerability management activities by coordinating with asset owners on remediation efforts
• Maintain security tool best practice configurations in Microsoft 365, Azure, and on-premises environments
• Identify opportunities for automation scripts to handle repetitive security tasks, and assist in their development

• Participate in training and professional development to advance security skills
• Stay current on emerging threats, vulnerabilities, and security technologies
• Contribute to security documentation and knowledge base articles

• Microsoft Technologies:
  Strong working knowledge of Windows Server, Active Directory, Microsoft 365, and Azure cloud services
• Networking Fundamentals:
  Understanding of TCP/IP, DNS, DHCP, VPN, the OSI model, and common network protocols
• Logging and SIEM:
  Basic ability to read, search, and query logs; familiarity with log sources and common security events
• Email Security:
  Understanding of email flow, SMTP protocol, and email security concepts including SPF, DKIM, and DMARC
• Phishing Defense:
  Ability to identify phishing attempts, analyze suspicious emails, and understand common attack vectors
• Endpoint Security:
  Basic understanding of EDR tools and endpoint protection concepts
• Vulnerability Management:
  Awareness of common vulnerabilities (CVE), scanning tools, and remediation processes

• Strong analytical and problem-solving abilities
• Excellent written and verbal communication skills for interacting with users and technical teams
• Ability to prioritize multiple tasks in a fast-paced environment
• Detail-oriented with strong documentation habits
• Customer service mindset when working with internal stakeholders

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field (or equivalent experience)
• 1‑3 years of experience in IT systems administration, cloud engineering, or related technical role
• Security-focused experience preferred but not required for candidates with strong technical fundamentals

• Security certifications (Security+, Azure Security Engineer Associate, or similar) are a plus
• Experience with Power Shell or Python scripting
• Familiarity with Azure security services
• Basic understanding of Linux/Unix systems
• Knowledge of web security concepts (proxies, certificates, HTTPS)
• Experience with ticketing systems
• Understanding of Data Loss Prevention (DLP) concepts

• This position participates in a security on-call rotation to provide after-hours coverage for critical security incidents.

Orrick is a global law firm focused on delivering innovative solutions for four sectors:
Technology & Innovation, Energy & Infrastructure, Finance and Life Sciences & Health Tech. Founded more than 150 years ago in San Francisco, Orrick today has offices in 25+ markets. We are…