Back to search
Jim Adler & Associates Linkedin · Posted 18d ago

Cyber Security Specialist

Houston, Texas, United States

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description


Key Responsibilities

Security Program, Governance & Risk

  • Drive the firm's security program toward maturity against the NIST Cybersecurity Framework
  • Conduct a current-state assessment against the NIST CSF and CIS Controls to determine where the firm stands today versus where it needs to be, and produce a gap analysis with a prioritized remediation roadmap
  • Establish security baselines and track KPIs and KRIs to measure posture, quantify risk reduction, and demonstrate continuous improvement to firm leadership
  • Reassess maturity on a regular cadence to measure progress and keep the remediation roadmap current
  • Develop and maintain security policies, standards, and procedures, using CIS and NIST frameworks
  • Maintain a risk register and report residual risk to leadership regularly
  • Support cyber insurance applications and attestations
  • Manage the relationship with the firm's managed security provider, and conduct vendor and third-party risk reviews

Security Operations, Detection & Response

  • Manage and tune the firm's endpoint detection and response (EDR) capability: policies, detections, and response actions
  • Partner with the managed security provider to refine detection use cases, review escalations, and validate alert quality
  • Triage and investigate security alerts; coordinate incident response including containment, mitigation, recovery, and post-incident review, working with the IT team and provider
  • Develop and maintain incident response plans and playbooks, and run periodic tabletop exercises

Vulnerability & Patch Management

  • Manage the vulnerability management lifecycle: scan, prioritize using CVSS plus business context, remediate, and verify closure within agreed SLAs
  • Partner with the systems team on patch cadences across servers, endpoints, and network devices
  • Report on vulnerability and patch metrics

Network & Infrastructure Security

  • Review and harden firewall rules, VPN configuration, and network segmentation in partnership with the network administrator, and support zero-trust access initiatives over time
  • Strengthen the security of servers, directory services, and virtualized environments
  • Govern cloud security posture across Azure and AWS: least-privilege IAM, secrets management, and cloud-native security controls

Identity, Access & Data Protection

  • Govern multifactor authentication, conditional access, privileged access management (PAM), and identity lifecycle processes in Active Directory / Microsoft Entra ID
  • Implement and maintain data loss prevention (DLP) controls; classify and protect sensitive data across storage, transit, and endpoints
  • Oversee the email security stack (anti-phishing, DMARC/DKIM/SPF, secure email gateway) and DNS/web filtering, recognizing that business email compromise is a top threat to law firms

Security Awareness & Human-Layer Defense

  • Run security awareness training and simulated phishing campaigns; design targeted campaigns, track click-rate metrics, and coach repeat clickers
  • Serve as the firm's internal security advocate, communicating risk in business terms to non-technical audiences including firm leadership and staff

Required Qualifications

  • Bachelor's degree or an equivalent combination of professional experience and industry certifications
  • 3+ years of hands-on information security experience, or equivalent IT experience with a strong, demonstrable security focus
  • Hands-on experience operating endpoint detection and response, vulnerability management, and security monitoring (SIEM) tooling
  • Solid network security fundamentals, including experience with enterprise firewalls and VPN
  • Practical knowledge of Windows Server, Linux, directory services (Active Directory / Microsoft Entra ID), and virtualized infrastructure
  • Cloud security experience in Microsoft Azure and/or AWS, with an understanding of the shared-responsibility model
  • Demonstrated incident response experience
  • Working knowledge of a security framework such as NIST CSF or CIS Controls
  • Comfort defining security baselines and tracking improvement using metrics
  • Strong written and verbal communication, with the ability to produce clear risk reports and technical runbooks, and to translate risk for non-technical audiences

Preferred Qualifications

  • Industry certifications such as Security+ or SSCP, with CISSP, CISM, or GIAC
  • Scripting and automation skills
  • Experience administering a security awareness / phishing-simulation platform
  • Depth in email security (DMARC/DKIM/SPF, secure email gateway) and DLP
  • Experience with privileged access management (PAM) tooling
  • Experience in a law firm or other professional services / confidentiality-sensitive environment
  • Familiarity with relevant privacy and breach-notification obligations (for example state breach laws, GDPR, CCPA), and an understanding of attorney-client confidentiality and privilege
  • Experience working alongside a managed security provider


Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent