Achieving success through the diversity of our people

We welcome applications from all talented professionals and will consider each applicant on their individual merits. Browse through our current opportunities to find your place at Norton Rose Fulbright and apply online.


Job Title: Senior Security Threat Specialist
Work Type: Full Time
Job Location: Toronto
Practice Group/Department: Information Technology
Role: Business Services
Description

Senior Security Threat Specialist

The Team

The information security team, led by the global chief information security officer (CISO), works with unified principles and processes around the world while maintaining regional stakeholder relationships. High standards are achieved by adhering to international best practice principles (ISO 27001) and continual improvement methodologies.

The scope of the information security function includes all strategic security planning and control oversight to ensure effective risk mitigation takes place within the firm. In many cases, the operational running of security controls is the responsibility of IT service delivery teams or departments such as HR, facilities, procurement, general counsel, etc. The information security team remains responsible for ensuring the effectiveness of the overall control framework and ensuring that any related risks are identified and incidents are managed.

The Role

The senior security threat specialist is a position in the global information security function at Norton Rose Fulbright. The role is responsible for proactively managing the threat landscape at the firm. Primary responsibilities include vulnerability management and threat management (including threat hunting). Other tasks include threat intelligence and service ownership of our vulnerability management products (such as Qualys, Rapid7, Tenable Nessus, OpenVAS).

The senior security threat specialist role is part of the global information security function and will work with colleagues and stakeholders in multiple geographies. The threat specialist will perform threat management and threat modelling, identify threat vectors and develop use cases for security monitoring. The role will also determine the relevance of each threat to our business by applying a risk-based methodology, and will take action or pass the action on to the relevant teams to counter the threat. The threat specialist will also identify vulnerabilities using multiple technologies (vulnerability management platforms, penetration testing reports, Bitsight ratings, etc.) and operate the vulnerability management process, ensuring remediation to target.

The success of this role is dependent upon building a lasting alignment between information security technology and business requirements. In particular, the role must take into consideration:

  • The special requirements of the firm regarding client confidentiality, as well as regulatory requirements such as data protection.
  • Achieving a balance between protecting the firm and ensuring that users can work effectively; being pragmatic but cognisant of risk.

Skills and Experience Required

  • 5-10+ years in cybersecurity, with at least 3 years specifically focused on threat analysis, incident response, or related roles.
  • Experience working in large, geographically dispersed global organizations where IT and information security have played a key role in the business.
  • Experience in leading teams, projects, or initiatives related to threat intelligence or incident response.
  • Direct experience with advanced persistent threats (APTs), nation-state actors, or other sophisticated attack groups.
  • Involvement in real-world incident response cases and remediation.
  • Experience with governing vulnerability management processes and technologies.
  • Experience with creating reports, dashboards and metrics for presentation to senior management.
  • Technical knowledge of various information security technologies and evidence of a continuous learning mind-set.
  • Integrity and professionalism, with a consistent and uncompromising adherence to best practice.
  • Stakeholder management skills, including the ability to communicate complex information security concepts in business language.
  • Passionate and driven to exceed expectations and to deliver with integrity.
  • A relevant industry certification, such as ethical hacking, CompTIA Security+, CISSP, SSCP, or similar, is an advantage.
  • ISO 27001 qualification and / or experience is an advantage.

Ready to join a proactive and modern firm that provides an exceptional career experience in an inclusive and collaborative environment? Come join us!

As a global law firm, we embrace a culture of excellence and working hard, but always with a focus on flexibility, respect, diversity and openness. We strive to create an equitable, inclusive environment where everyone can bring their whole self to work and realize their career potential.

To find out more about how we integrate diversity, equity and inclusion in everything we do please click https://www.nortonrosefulbright.com/en-ca/about/diversity-equity-and-inclusion.

If you are unable to apply for a position online or require any reasonable adjustments during the recruiting process, please contact TORHR_RH@nortonrosefulbright.com to further discuss your needs.

Please note that applicants who receive an employment offer may be required during their employment with Norton Rose Fulbright to provide proof of vaccinations recommended from time to time by government or public health authorities. Norton Rose Fulbright has a duty to accommodate those who are unable to get vaccinated due to protected grounds. For applicants who require an accommodation, please contact TORHR_RH@nortonrosefulbright.com to discuss further.

We thank all candidates for their applications, but please note that we will be contacting only those whom we invite for an interview. #LI-Hybrid
