Senior Threat

Allen & Overy is a leading global law firm operating in over thirty countries. By turning our insight, technology and talent into ground-breaking solutions, we’ve earned our reputation as a firm that leads the industry and opens up new possibilities in law. Our lawyers are leaders in their field - and the same goes for our support teams. Ambitious, driven and open to fresh perspectives, we find new ways to deliver our services and maintain our reputation for excellence, in all that we do.
- Department purpose
- The Global Information Security & IT Risk team is responsible for setting the firm wide strategy for Information Security and changing, managing and maintaining controls to ensure continuous alignment with the strategy. The team must deliver and support robust, reliable, cyber and information security controls 24x7x365 on a global basis.
- The Information Security & IT Risk team is responsible for primary controls assurance, client compliance and security requirements and controls definition. In addition the team is also responsible for tracking obvious and far less obvious threats and vulnerabilities to ensure that protection of client data and the firms digital services, information and data remains robust even as the threat environment constantly evolves.**Role purpose**
This role is a key member of the Global Information Security Operations team.
- 1) Expand the scope of IT assets addressed by the operational vulnerability management process to meet the vision and requirements of the IT Vulnerability Management Standard. Further together with the Snr Threat & Vulnerability Analyst New York own the primary vulnerability analysis tool (Qualys) and ensure it is maintained and operationally effective and provisioned into new operating environments (for example new cloud VMs) before those environments go live.
- 2) Lift the quality of documented InfoSec risk and threat analysis such that there is a clear description of the potential technical and business impact associated with the issues within the monthly vulnerability reporting pack, vulnerabilities in general and/or the solutions under assessment. Provide input into the vulnerability and threat register and be able to justify vulnerability and threat characterisations when challenged especially during the monthly vulnerability reporting cycle.- 4) Find back doors and miss-direct attackers adopt a “think like a hacker” mind-set and look for open services (for example network APIs) and ensure that those services are only available to legitimate digital service consumers. Miss-direct attackers by leading the deployment, maintenance and monitoring cyber honeypots. Adopt and actively use the MITRE and STRIDE frameworks and their lexicon and promote the use of the frameworks in InfoSec globally and IT.
- 5) Build reliable consistent primary vulnerability data by firstly taking a leading role in collaborating across IT Service and InfoSec to draft the monthly top 15 vulnerability pack. Secondly maintain the vulnerability and threat registers in the firm. Thirdly collaborating closely with the Security Operations Manager (Belfast) and the Snr Mngr Security and Data Compliance (Belfast) to ensure vulnerability and threat information is shared quickly and efficiently. Fourthly attending weekly vulnerability working group meetings with IT Service to ensure service patching teams are leveraging the best quality vulnerability intelligence.
- 6) Globalise the InfoSec incident response process by a) Monitoring the main InfoSec mailbox and ticket queue during local business hours b) Initiating and managing the InfoSec incident response process when a suspect incident occurs in local business hours c) Collaborating with InfoSec colleagues in Europe and North America to ensure that priority tasks and issues are handed over before close of local business operations.**Key relationships**
- Works closely with the Snr Mngr Security & Data Compliance (Belfast) who is the global leader of security operations.
- Work alongside and Senior threat and vulnerability analyst (New York) sharing vulnerability and threat intelligence and the Manager Security Operations (Belfast).
- Maintain a close working relationship with the IT Service patching teams globally.
- Maintain a relationship with CISO.

**Role and responsibilities**
- Expand the scope of IT assets addressed by the operational vulnerability management process in order that scanning and analysis is performed for all digital services.
- Provide InfoSec risk and threat analysis and be able to justify vulnerability and threat characterisations when challenged.
- Find back doors and miss-direct attackers by taking a view of vulnerability over and above the output of vulnerability scanners and pen test tools and by managing, maintaining and monitoring cyber honey pots.
- Act as a leader promoting the adoption and use of the MITRE and STRIDE frameworks across global Security Operations team globally.

**Key requiremen