Security Tooling Engineer at Clifford Chance

Who we are

As a global law firm our work spans jurisdictions, cultures, and languages – and so do our people.

Our culture is collaborative and inclusive — where diverse perspectives are recognised and valued. Where performing to your highest ability, unlocks equal access to opportunities to learn, thrive and grow. 

We combine deep legal expertise and commercial intelligence to grow, transform, protect, and defend our clients' businesses, across every critical moment.

We operate in the sectors and regions that matter to our clients. With forward-thinking insights and innovative, tech-enabled solutions that combine deep knowledge of their sectors and markets.

You’ll build connections and work with colleagues as one global team. You’ll unlock opportunities for clients, across borders, cultures, legal and commercial disciplines.

Join us to work with colleagues as one global team – empowering each other to be exceptional and create advantage for our clients.

Our India team is a well-established and integral part of the firm’s global operations, delivering high-value support across a wide spectrum of functions. With over 800 business professionals based in Gurugram and Hyderabad, we’ve been driving operational excellence and innovation for more than 15 years.

We contribute to global success in areas such as Information Technology, Finance, Human Resources, Risk & Compliance, Legal Support, Research & Knowledge, Document Production, Virtual Executive Assistance, Programme Management, Client & Market Development, and Continuous Improvement.

The role

This is a new role, reporting to the Head of Information Security requires a fast-learning and self-motivated individual to add capability and capacity to our small team.

Information & Cyber Security is evolving to dynamic business needs, a rapidly changing threat environment, and the firm's own ambitious IT Strategy. This role will help play a key part in implementing and improving the underlying processes required to provide a structured, systematic, and audited approach to Information & Cyber Security Systems and products that are used by the firm. The role will have clear areas of focus combined with periodic involvement in a broad spectrum of security activities. This role will look after the service and engineering requirement of Security owned services. This is a unique role as it will act as a service owner with both service and technical engineering as core parts of their role.

Who you will work with

You will work with Head of Information Security, Security Architects and Cyber Security team.

What you will be responsible for

• Has experience of A.I. (ChatGPT/Microsoft Co-Pilots, Claude) and understanding of Generative A.I workflow and leads the Security A.I tooling.
• Ensure that the Firm has the requisite engineering capability to investigate, prevent and remediate against security breaches, incidents, and deviations from security procedures.
• Own and a manage the relationship of Information and Cyber Security owned technology service lines. Liaising with suppliers technical and operations service to maintain the operational effectiveness of security engineering state. Where products fail to perform or require intervention with the Head of Information Security to rectify the problem.
• Take accountability to produce high-quality support documentation and knowledge base articles necessary to support the implementation of a new or significantly changed security owned services.
• Provide support and cover for certain time-critical elements of Information Security team responsibilities, such as incident management, security investigations and associated tasks.

What you will do

• Provides engineering support to Security Power Platform services (PowerAutomate/LogicApps/PowerBI/Azure Foundry etc.) Develop and oversee any security related system scripting or query building that needs to be performed to preserve system stability and/or reliability, availability, and continuity (Python, PowerShell, KQL).
• Has solid understanding of GitHub and secure development environments as well as various SaaS, PaaS and IaaS environments (Microsoft, Google, Amazon Aws)
• Work alongside with Security Architects to develop low level solution designs, manage the implementation of designs and make sure the designs are approved by the appropriate architecture authorities
• Support and Engage with the Architecture, Technical Design Authority and Project Management functions to understand high level project design, constraints, business requirements and the features required of any design
• Maintain familiarity with common attack techniques and their remediation/defence including EDR/XDR, DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc.
• Strong understanding of Operating Systems and Cloud Security Engineering focusing on controls and capabilities. With a Solid grasp of security protocols, cryptography, authentication, authorisation, and network security implementations
• Implement and configure tools to improve our reactive and proactive security posture, such as collaborating with other teams to develop automation strategies
• Participate in the evaluation, selection and implementation of security products and technologies. 

Your experience

• The candidate must have experience of portfolio of technology products from an IT and Security Engineering perspective. Full understanding of how security products require extra configuration and attention to detail from normal IT based products.
• They should have at least be able demonstrate clearly from experience the implementation of at least two security engineering services.
• Ideally the candidate will have a working knowledge of ISO27001, SANS20 and NIST cyber security frameworks. They should be able to rapidly assimilate technical information to assess and document risks, have the knowledge and skills to engage with different levels of seniority, balance the need to obtain information with provision of support and advice, and continually demonstrate how Information Security supports the firm's business objectives and our clients' need for information assurance. They should be able to apply an organised approach to managing and prioritising multiple concurrent assignments.
• Although no formal qualifications are mandated, the successful candidate is likely to be degree educated and have one or more of the following – ITIL, CISSP, CISA, CISM or CRISC.
• It is essential that the successful candidate is a self-starter with an inquisitive, pragmatic, and flexible approach backed by the tenacity to pursue enquiries through to a timely conclusion.  It will be important to remain focussed on the strategic goals whilst maintaining an eye for detail. 
• The role may bring the candidate into contact with sensitive information and, as such, the ability to press ahead to a pragmatic conclusion whilst exhibiting the utmost discretion is important.
• Experience in developing and using structured documentation process, format, logical content, version control etc is also important 

How we will support you

From your first day with us, you will have varied opportunities to continuously grow and development your skills and knowledge. From formal training, informal coaching and mentoring through to skills-based and technical training and on the job learning 

Equal opportunities statement

At Clifford Chance, we understand that our true asset is our people. Inclusion is good for our team and their families, our firm and society.

We are committed to treating all employees and applicants fairly and equally regardless of their gender, gender identity and expression, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age.  This applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment.

We have a variety of flourishing employee networks. These networks are a place for colleagues to share experiences and advocate for change wherever they see an opportunity for improvement.

Our goal is to deliver an equality of opportunity, an equality of aspiration and an equality of experience to everyone who works in our firm. 

Find out more about our inclusive culture here

#LI-Hybrid