Senior Cloud Security Engineer

Foley & Lardner LLP is a great place to work because of what we do and how we do it. Here, your unique perspectives, experiences, and abilities will be embraced and developed, so you can excel. Being a part of Foley means having the opportunities and resources necessary to gain experience, advance professional goals, and forge meaningful connections. It’s a place where you can build your career and enjoy professionally satisfying work. We have over 2,300 people who are #HappyatFoley, and we think you will be too.

Foley & Lardner LLP is currently seeking a Senior Security Engineer to join the Architecture team in our Information Security department. The Senior Security Engineer is responsible for engineering and implementing solutions to enhance the Firm's security infrastructure, collaborating with the Information Security team, internal IT, and business units. This role focuses on securing cloud-based environments through initiatives such as Cloud Security Posture Management (CSPM), DevSecOps practices (e.g., automated security testing in CI/CD pipelines), Identity and Access Management (IAM/IDM) administration, and participation in Information Security Architecture reviews. Key responsibilities include implementing and maintaining robust security controls for technology infrastructure and cloud platforms, while ensuring secure integration of emerging technologies, including AI systems.

The role also serves as an escalation resource for the Information Security Operations team, providing advanced expertise and support. As part of a small team, you will provide security guidance for the technology environment, aiming to mature the security control framework, develop tailored solutions for cloud workloads, and enhance overall security posture. You will act as a security advocate, advising key stakeholders on technology risk management and balancing security with business needs through effective mitigation strategies, ensuring safe adoption of cloud and related technologies.

• Work in active partnership with key stakeholders to perform security architecture risk reviews
• Develop and implement advanced-level Cloud Security solutions
• Support and advance the overall Information Security technology roadmap
• Provide recommendations for advancing the Information Security program, security policies, and security control standards to enhance operational practices
• Create and maintain Information Security standards applicable to all technologies in the portfolio
• Provide requirement, guidance, and vision to the vendor community to cultivate the appropriate combination of technology and feature capabilities to meet current and future security requirements
• Execute on infrastructure threat and vulnerability management processes
• Ensure security systems are upgraded by monitoring security environment, identifying security gaps and evaluating and implementing enhancements
• Define, develop and maintain metrics and measurements for information security controls and processes
• Respond to security-related issues, problems, crises, and critical situations to support resolution and minimize downtime
• Acts as a senior-level point of contact for incident investigations and minor security events (e.g., unauthorized access, non-compliance with Firm policies, fraud, service disruptions, etc.) to determine malfunctions, breaches, and remediation steps
• Responsible for Information Security technology selection process to include requirements consolidation into RFI/RFP/RFQ, testing, POC, selection and deployment
• Support audits against internal and industry process, quality, and security standards; drive initiatives and remediation efforts to correct non-conformance
• Provide Information Security consulting on security related issues
• Collaborate with peers to identify and implement improvement initiatives across the Firm, processes and toolsets
• Manage multiple, parallel projects using formal project planning techniques
• Ability to work evening and weekend hours as needed or directed. Some travel may be required

• Associate's Degree required; Bachelor's Degree preferably in Engineering, Information Technology, Computer Science, or similar strongly preferred
• At least one of the following certifications required: CISSP, Microsoft Azure AZ-104 & AZ-500, CCSP, CCSK, CPT/CEH
• Minimum of five (5) years in a professional technical Information Technology role required
• Minimum of three (3) years of hands-on experience in Information Security with Cloud Security exposure required
• Specialized Cloud Security certification(s) desired
• SailPoint Identity and Access Management (IAM/IDM) vendor-specific certification(s) desired #LI-Hybrid

In support of transparency and equity in the workplace, Foley provides salary ranges for all positions. The figures below represent the full compensation range of this position. The actual offered amount will be between the range minimum and midpoint based on the following factors: education, experience, geographic market, and internal pay equity at Foley.
Chicago - $111,500 to $167,300