Overview
Under the direction of the Senior Manager of Information Security Engineering and Architecture, the Information Security Engineer implements, manages, and maintains the firm's information security infrastructure, empowers the firm's secure adoption of AI technologies, and responds to and investigates information security incidents to closure or escalation. The Information Security Engineer is a highly experienced, hands-on technologist with a professional foundation in network engineering, systems engineering, software development, cloud infrastructure engineering, or a related IT discipline, serving as the technical lead and subject matter expert for the implementation, administration, and maintenance of assigned information security technologies deployed by the firm. This role spans the full breadth of the firm’s technology landscape, including on-premises systems, cloud-native and hybrid architectures across IaaS, SaaS, and PaaS platforms, generative AI and agentic systems, and enterprise application environments, all consistent with industry best practices, applicable standards, and regulatory requirements.
The scope of this position is firm wide and requires a thorough understanding of all IT systems the firm uses and how those systems are secured — encompassing on-premises infrastructure, multi-cloud platforms (IaaS), AI and machine learning systems, enterprise applications, and the network infrastructure that connects them.
The Information Security Engineer advises the Information Security Team on emerging vulnerabilities and newly introduced risks to firm systems — including risks introduced by the adoption of generative AI, agentic AI architectures, and the continued expansion of cloud services — and takes a proactive approach in continually assessing the security of firm systems throughout their lifecycle, providing recommendations for enhancing security and adapting to new threats and vulnerabilities.
Responsibilities
ESSENTIAL FUNCTIONS:
- Excellent customer service skills and sense of urgency when resolving issues
- Strong knowledge of information security principles and practices
- Hands-on experience supporting hardware, software, and security architecture
- Serve as the subject matter expert (SME) for information security platforms when assigned as the primary engineer; perform ongoing threat analysis and research
- Play a significant role in responding to and containing information security related incidents
- Conduct regular technical risk assessments of firm systems and infrastructure
- Oversee and directly participate in the installation, configuration, and management of information security technologies
- Utilize Cloud Security Posture Management (CSPM) and Cloud-Native Application Protection Platform (CNAPP) tools to continuously identify and remediate misconfigurations, compliance drift, and over-privileged access across IaaS, PaaS, and SaaS environments, including container orchestration platforms, serverless architectures, and CI/CD pipeline integrations
- Assess and mitigate security risks introduced by generative AI adoption — including prompt injection attacks, context manipulation, agentic workflow abuse, and Model Context Protocol (MCP) server vulnerabilities — and assist in the development and enforcement of organizational AI usage policies.
- Maintain current working knowledge of generative AI concepts and architecture — including large language models (LLMs), prompt engineering, context engineering, AI skills and function-calling, agentic AI frameworks, and Model Context Protocol (MCP) servers — in order to effectively evaluate, design security controls for, and advise stakeholders on AI-integrated systems and workflows
- Maintain expertise in the OWASP Top 10, OWASP Top-10 GenAI, CWE/CVE frameworks, emerging application-layer attack techniques, API security testing, and web application firewall (WAF) policy management
- Network security experience — including next-generation firewalls (NGFW), intrusion detection and prevention systems (IDS/IPS), network segmentation and microsegmentation, network traffic analysis (NTA), DNS security, IPSec VPN, and secure access service edge (SASE) architectures — to protect firm technology infrastructure
- Assist in the development and knowledge transfer to Information Security team members, Information Services groups, and business support teams
- Promote a culture of information security across all business units
- Perform ticketed work-related duties
- Flexibility to work escalated issues and/or apply production changes off-hours where needed
- Participate in On-Call rotation for after-hours/weekend support
- Periodic travel may be required
Qualifications
EDUCATION, EXPERIENCE AND SKILLS REQUIRED:
- Self-directed and driven, with a proven ability to prioritize and execute independently in fast-paced environments.
- Bachelor of Science in Computer Science, Information Technology, Cybersecurity, or a related technical discipline; equivalent hands-on technical experience demonstrating the same depth of competency will be considered in lieu of a degree
- Minimum 3 years of experience in dedicated information security roles, with a demonstrated track record of engineering, deploying, and operating enterprise-scale security controls and leading response to sophisticated incidents
- 5 or more years of prior hands-on IT experience in a foundational technical discipline, such as network engineering, systems administration, software or application development, cloud infrastructure engineering, or DevOps/platform engineering
- Working knowledge of generative AI technologies and their associated security considerations, including LLM architecture, prompt engineering and context engineering concepts, AI skills and function-calling, agentic AI frameworks, and Model Context Protocol (MCP) server security; demonstrated ability to identify and mitigate AI-introduced risks is highly desirable
- Strong working knowledge of information security software and services, including EDR/XDR, zero trust network access (ZTNA), web security/proxy, application control, security service edge (SSE), DNS security, identity and access management (IAM/PAM), DLP, CASB, and SIEM platforms
- Strong working knowledge of CrowdStrike Next-Gen SIEM is desirable
- Strong knowledge of cloud security principles and architecture across all major delivery models: IaaS (AWS, Azure, GCP), SaaS (M365, NetDocs, iManage, Workday, etc.), and PaaS (container and Kubernetes security, serverless function hardening, and CI/CD pipeline security); M365 Defender and Microsoft Purview expertise is highly desirable; hands-on experience with CSPM and CNAPP tooling preferred
- Strong working knowledge of TCP/IP and network architecture
- Desired: Hands-on experience with network security technologies including next-generation firewalls (NGFW), IDS/IPS, network access control (NAC), network traffic analysis (NTA), microsegmentation, and SASE/SD-WAN architectures
- Desired: Hands-on application security experience including operation of SAST, DAST, and SCA tooling, API security testing and assessment, web application firewall (WAF) administration, secure SDLC program participation, and familiarity with DevSecOps practices
- Professional security certifications are desired but not required: CISSP, CCSP, CEH, OSCP, AWS Security Specialty, or GIAC certifications (GCIH, GPEN, GWEB, GWAPT, GCFE); active pursuit of relevant credentials is encouraged and supported by the firm
- Strong written and oral communication skills
- Organized, responsive and thorough problem solver
- Ability to manage multiple concurrent activities and effectively prioritize time and effort in a high-pressure environment
- Ability to adapt quickly to changing priorities
- Maintains strict confidentiality regarding sensitive firm information, personnel matters, and internal affairs, and exercises sound discretion at all times.
- A committed team player who fosters strong working relationships, embraces the diverse expertise of colleagues, and contributes to a culture of trust, inclusion, and shared purpose.
Compensation and Total Rewards Package
Ropes & Gray is proud to offer a comprehensive Total Rewards package to our business support team members. The firm also offers comprehensive health and well-being benefits, personal and professional development, career growth opportunities and a collegial and supportive culture. The anticipated pay range for this role is listed below and represents our good faith and reasonable estimate of the starting salary range at the time of posting. In addition, this role is eligible for a discretionary bonus based on performance. The actual offered rate for this position will be determined based on job-related, non-discriminatory factors, including qualifications and experience, geographic location, education, external market data and consideration of internal equity.
- Boston: $117,200 - $178,700
- New York: $127,900 - $195,000
Working Conditions
Flexibility to work escalated issues off-hours and apply production changes where needed.
Periodic travel may be required.
The list of duties and responsibilities is not intended to be all-inclusive and may be expanded to include other duties or responsibilities that management may deem necessary from time to time.