Kennedys is looking for Security Engineer to join Kennedys, who will be a vital member of our newly established SecOps team, reporting directly to the IT Security Manager. This position is crucial in implementing and maintaining robust security measures across our technology landscape, as well as managing incident response.
The role involves developing, implementing, and sustaining security solutions designed to protect our systems against constantly evolving cyber threats, with a focus on transitioning to a zero-trust operating model. The Security Engineer will work collaboratively across IT functions, spearhead key security initiatives, and play a pivotal role in enhancing our overall security posture. The role will also support the firm in its pursuit of ISO 27001 certification and the implementation of CIS controls
Team
Kennedys' IT team is responsible for the maintenance of IT systems and security across the firm, including its portfolio of managed bespoke and off-the-shelf applications. This role will work across all IT functions and, in the case of broader projects, occasionally with other business functions within the firm.
The majority of the global IT team are based in London and Chelmsford, although some staff are based in other UK and non-UK offices. As a team that provides a truly global service, the team are used to working flexibly and remotely.
Key responsibilities
1. Maintain and optimise the Security platform, including configuring EDR policies, tuning SIEM rules, and optimising the system for performance
2. Monitor for security threats, analyse alerts, and respond to incidents using security tools; conduct vulnerability scans and support remediation and risk mitigation efforts
3. Lead and participate in incident response efforts, conducting root cause analysis and developing runbooks for incident handling
4. Oversee WAF, DDoS, VPN, and perimeter firewalls
5. Manage Email and Web Security Gateways
6. Maintain security certificates, encryption keys, and IDS/IPS systems
7. Perform security scanning and vulnerability management, taking proactive steps to reduce operational risk
INFRASTRUCTURE & IDENTIY
8. Work with network engineers to implement posture management, including ICE/NAC segmentation, lateral movement control, and firewalls
9. Work with the Endpoints team to administer MFA, SSO, PAM, MDM/MAM, and Conditional Access
10. Manage Identity and Access Management (IAM) solutions,
11. Develop and deploy automation tools and scripts to streamline common IT Security Operations tasks
COLLABORATION & GOVERNANCE
12. Collaborate with third-party penetration testers to identify, prioritise, and remediate security vulnerabilities
13. Create detailed reports on detected threats, incidents, and response actions; document configurations, processes, and runbooks
14. Keep well-informed of the latest cybersecurity trends, emerging threats, and updates
15. Comply with all relevant legal and regulatory obligations including the Solicitors Regulation Authority (SRA) Standards, Regulations, and Principle
Required experience
16. EDR – platform management, EDR policy configuration, and SIEM tuning
17. Microsoft Security: Defender (ATP), Azure Security Centre, Entra ID, Intune, Conditional Access
18. Next Gen firewalls: Palo Alto Prisma (preferred) or similar - configuration and managementEmail security: Mimecast, Exchange Online, DMARC, and email DLP (Tessian or equivalent)
19. Identity and Access Management: CyberArk, Entra ID, SSO, MFA, and PAM solutions
20. SIEM tooling: Sentinel, Exabeam, Splunk, or equivalent
21. Vulnerability management: Tenable or equivalent enterprise toolsets
22. Scripting and automation: PowerShell (preferred), KQL, or similar
23. Data Loss Prevention (DLP) solutions including MS Purview Compliance Manager
24. Certified Information Systems Security Professional (CISSP), desirable
25. CREST Practitioner Security Analyst (CPSA), desirable
26. Palo Alto Networks Certified Security Operations Professional, desirable
27. CEH, OSCP, SANS, or ISACA certifications are also welcomed
Please let us know if you require any additional support or adjustments to be made in order to submit your application to Kennedys.
*where a level of experience is indicated, this is a guideline only and represents the amount of time we would usually expect a candidate to accumulate the requisite level of experience. This does not preclude applications from candidates with more or less experience.
About Kennedys
Kennedys is a global law firm with expertise in dispute resolution and advisory services. With over 3,000 people in 45 offices across 18 countries around the world we have some of the most respected legal minds in their field.
Our lawyers handle both contentious and non-contentious matters, and provide a range of specialist legal services, for many industry sectors but we have particular expertise in litigation and dispute resolution, especially in defending insurance and liability claims.
We're a fresh-thinking firm, and we're not afraid to bring challenging new perspectives to the table way beyond the traditional realm of legal services. We empower our clients with a diverse range of ideas, tools and technology to make their lives easier, as well as delivering exceptional results, every time.
What do we have to offer?
We welcome high-performing lawyers, business services professionals, secretaries, graduates and apprentices to join our rapidly expanding global firm. Whatever your role at Kennedys, you'll be involved in exciting and stimulating work, where your input will make a difference.
Our culture and values form a big part of who we are and we take them seriously. We make a difference by being approachable, straightforward, supportive, distinctive and ambitious. Our are at the core of who we are and what make us a great firm to work with and for.
The Firm recognises the value of investing in our people's development and believes our culture and values contribute to the quality of our work and of our client relationships. With a culture of on-the-job and experiential learning, peer to peer learning, mentoring, resources and tools that enable you to drive your career, we can support your development in your current and future roles. A variety of other opportunities are available including secondments to clients and our global offices.
We strive to celebrate empower our people and ensure everyone can bring their authentic selves to work. We've created a culture based on client service, professional excellence, hard work and trust, where diversity, equity and inclusion (DE&I) is a key priority. We recognise that many of our people want to work for an employer that is aligned to their values, which is why we are building an inclusive culture, decarbonising our operations and supporting our people to thrive at work. Our people are the key to driving this change and helping us to make a difference to our clients, our people and the communities in which we live and work.
Kennedys is an equal opportunities employer and is committed to ensuring our recruitment processes are as inclusive as possible. We expect all employees to be aware of and comply with all relevant policies and procedures within their jurisdiction, including those relating to Information Security, Data Protection and Quality Management, refer any breach promptly to Risk & Compliance and to complete all mandatory training when requested.
Documents