Senior Application Security Engineer

Job Location

Jacksonville - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

At Morgan & Morgan, the work we do matters. For millions of Americans, we're their last line of defense against insurance companies, large corporations, or defective goods. From attorneys in all 50 states to client support staff, creative marketing to operations teams, every member of our firm has a key role to play in the winning fight for consumer rights. Our over 6000 employees are all united by one mission: For the People.

We are seeking a motivated and curious individual to join our Cybersecurity Team as a Senior Application Security Engineer. This role will be based out of any of our offices in the U.S. The ideal candidate will have 3-5 years of experience in a medium to large enterprise in a similar role. The successful candidate will have recent development experience with modern languages and a thorough understanding of both the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework.

Responsibilities:

  • Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
  • Work with DevOps, QA, and product teams to align security goals with business objectives
  • Define and implement security standards and best practices for applications and APIs
  • Collaborate with development teams to ensure secure design patterns and practices
  • Conduct vulnerability assessments and penetration testing on applications and APIs
  • Act as a subject matter expert advising teams on emerging threats and secure coding techniques
  • Perform code reviews to identify vulnerabilities and recommend mitigations
  • Create security integration into the SDLC process
  • Establish metrics and reporting

Requirements:

  • Working knowledge of current web and application security standards and best practices (OWASP Top 10, MITRE CWE Top 25)
  • Deep experience securing applications and APIs on AWS, including services like EC2, Lambda, S3, and API Gateway
  • Hands-on experience with modern API security, including REST and GraphQL APIs
  • Recent experience with security testing tools (e.g. SAST, DAST, IAST, and RASP)
  • Proficiency securing applications and APIs on cloud platforms (e.g. AWS, Azure, GCP)
  • Excellence in communicating business risk from cybersecurity issues
  • Successful experience developing, implementing, and maintaining security policies, standards, procedures, and secure SDLCs
  • Proven track record of performing threat modeling, security code reviews, and penetration testing for applications and APIs
  • Demonstrable programming experience in Python, TypeScript, and C#
  • Agreement to obtain any of the following certifications within six months of hire:
      • AWS Certified Security - Specialty or AWS Certified Solutions Architect - Associate preferred
      • Any one of the five Offensive Security certifications, such as OSCP
      • ISC2 CSSLP Certified Secure Software Lifecycle Professional
      • EC-Council CEH Certified Ethical Hacker (Master level)
  • Embody trust, dignity, integrity, and accountability
  • Self-motivated, ambitious, and action oriented

Benefits

Morgan & Morgan is a leading personal injury law firm dedicated to protecting the people, not the powerful. This success starts with our staff. For full-time employees, we offer an excellent benefits package including medical and dental insurance, 401(k) plan, paid time off, and paid holidays.

Equal Opportunity Statement

Morgan & Morgan provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

E-Verify

This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the I-9 Form.

Privacy Policy

Here is a link to Morgan & Morgan's privacy policy.


Required Experience:

Senior IC

Employment Type

Full Time
