Information Security Analyst

Posted April 9, 2026

Salary Range: $120,000.00 To $140,000.00 Annually

The Information Security Analyst supports and executes the Firm’s information security operations strategy under the guidance of the Information Security Manager. This role is critical in triaging alerts from various security tools and systems and serving as the primary responder to security-related user requests and support tickets. Responsibilities include coordination with internal teams and outsourced providers, supporting security projects, and assisting with compliance and audit activities.

Key Responsibilities

• Act as first responder for reviewing, investigating, and responding to cybersecurity alerts and notifications.

• Triage security events quickly and effectively, escalating incidents in accordance with severity, impact, and Firm policy.

• Review and resolve security-related tickets escalated by the Service Desk and other IT teams.

• Investigate suspicious emails and determine disposition (spam, phishing, malware, business email compromise) using the Firm’s secure email gateway and threat intelligence sources.

• Perform URL and web activity investigations and recommend or implement web security policy changes.

• Monitor, administer, and support the Firm’s security platforms to ensure policy compliance and effective threat detection, including:

  • Endpoint Security (EDR, Antivirus)
  • Email Security
  • Web & Network Security
  • Data Loss Prevention (DLP)
  • Identity & Access Management (IAM, MFA)
  • Mobile Device Management
  • Cloud Security 
  • Infrastructure Security
  • Vulnerability & Risk Management (including Third Party Risk Management) 

• Collect and preserve evidence for security assessments, audits, and regulatory inquiries.

• Work on client due diligence security questionnaires.

• Prepare reports on security trends, tool efficacy, and compliance alignment.

• Monitor systems for vulnerabilities and indicators of compromise, execute mitigation plans, and report on remediation progress.

• Assist in evaluating, planning, configuring, and implementing new or existing security tools.

• Support security testing, access reviews, and control validation for applications, infrastructure, and cloud services.

• Maintain accurate and up-to-date documentation for security procedures, configurations, and incident response activities.

• Leverage prior desktop and network engineering experience to investigate endpoint, connectivity, authentication, and performance-related security incidents across workstations, servers, and network paths.

• Analyze security alerts in the context of operating system behavior, endpoint configurations, and network traffic flows to distinguish true threats from environmental or configuration-related issues.

• Partner with Network, Desktop and Service Desk teams to accelerate incident resolution and reduce false positives.

• Apply hands-on experience with enterprise endpoint builds, patching, and configuration baselines to support secure system hardening and remediation efforts.

• Support troubleshooting of security issues that intersect with DNS, VPN, proxy, firewall rules, certificates, and identity services, ensuring minimal disruption to business operations.

Technical Requirements

  • Strong understanding of recognized security frameworks and standards (e.g., NIST CSF, CIS Controls, ISO 27001).
  • Expert working knowledge of the following:
    • Endpoint Detection & Response
    • Application Control
    • Secure Email Gateway & Email Threat Protection
    • Data Loss Prevention and Insider Risk platforms
    • Web Proxy / Secure Access Service Edge
    • Cloud Security
    • Identity, Access, and Privileged Access Management
    • Vulnerability and Patch Management
    • Penetration testing coordination and remediation tracking
  • Strong troubleshooting skills across enterprise hardware and software environments.
  • Strong knowledge of various hardware components, monitoring computer resources, reviewing Event Logs and Processes to determine root cause. 
  • Expert knowledge of Microsoft Active Directory, Azure, Entra ID, Intune, Purview, and other Azure components, including the M365 Office products.
  • Expert knowledge of using troubleshooting tools like Wireshark and Fiddler.
  • Expert knowledge of Next Generation Firewalls 
  • Expert knowledge of Security Information and Event Management
  • Automation with PowerShell and other scripting tools
  • Strong foundation in enterprise desktop engineering, including Windows workstation deployment, patch management, endpoint hardening, and device lifecycle management.
  • Strong experience with network engineering concepts such as TCP/IP, DNS, DHCP, VPNs, firewalls, proxies, and traffic inspection, with the ability to apply this knowledge to security investigations.
  • Ability to correlate endpoint telemetry, network activity, and identity events when analyzing incidents involving malware, phishing, lateral movement, or unauthorized access.
  • Proven capability to troubleshoot security issues across endpoint, identity, and network layers, rather than treating alerts in isolation.
  • Experience interpreting system logs, application logs, and network events to determine root cause and security impact.
  • Legal experience preferred but not required.

Job Requirements/Skills

  • Bachelor’s degree, preferably in Computer Science, and/or comparable education and work experience.
  • Possession of or ability to obtain industry certifications such as CompTIA Security+.
  • Familiarity with ITIL Incident Management and escalation workflows.
  • Strong investigative mindset with the ability to analyze technical and behavioral indicators of security threats.
  • Background as a Desktop Engineer, Systems Engineer, and/or Network Engineer strongly preferred.
  • Demonstrated ability to transition from operational IT roles into security operations, applying deep technical context to improve detection accuracy and response quality.
  • Strong understanding of how real-world enterprise environments function, enabling practical and business-aligned security decision-making.
  • Ability to manage multiple priorities.
  • Strong organizational skills with attention to detail and sound judgment when handling confidential information.
  • Willingness to be flexible with time and adjust to a changing work environment.
  • Ability to maintain regular attendance and work regularly scheduled hours. Ability to take direction and accept supervision.
  • Demonstrated ability to work independently, organize and accurately prioritize work, be meticulous, understand when urgency is required and use good judgment in varied situations.
  • Ability to analyze technical implications of security threats.
  • Strong investigative skills with curiosity to resolve issues thoroughly.
  • Skilled in data analysis, evaluation, and logical decision-making.
  • Project management skills and ability to work under pressure with multiple deadlines.
  • Strong communication skills for technical and non-technical audiences.
  • Ability to prioritize and manage multiple objectives in a high-pressure environment.
  • Commitment to continuous learning and adaptability in a rapidly changing security landscape.
  • Ability to collaborate effectively with co-workers in a team-oriented, collaborative environment.
  • Ability to consistently establish and maintain accurate, up-to-date documentation of programs and systems. Ability to be patient and thorough in troubleshooting and general research activities.
  • Ability to build and maintain positive relationships, both internally and externally, while maintaining a client service orientation.
  • Ability to use sound judgment and discretion in dealing with highly confidential information.

Seward & Kissel LLP is an Equal Opportunity Employer. Seward & Kissel LLP does not discriminate on the basis of race, religion, color, sex, gender identity, sexual orientation, age, non-disqualifying physical or mental disability, national origin, veteran status or any other basis covered by appropriate law. All employment is decided on the basis of qualifications, merit, and business need.

Job Category: Professional Administrative Staff
Job Location: New York
