Senior Application Security Engineer - Protecting Consumer Rights at a Leading Personal Injury Law Firm
At Morgan & Morgan, we are dedicated to protecting consumer rights and fighting against powerful insurance companies and corporations. We are seeking a Senior Application Security Engineer to join our Cybersecurity Team and play a key role in this mission. This is a full-time position with excellent benefits, including medical and dental insurance, a 401(k) plan, and paid time off and holidays. This role can be based out of any of our offices in the .
Responsibilities:
- Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
- Work with DevOps, QA, and product teams to align security goals with business objectives
- Define and implement security standards and best practices for applications and APIs
- Collaborate with development teams to ensure secure design patterns and practices
- Conduct vulnerability assessments and penetration testing on applications and APIs
- Act as a subject matter expert advising teams on emerging threats and secure coding techniques
- Perform code reviews to identify vulnerabilities and recommend mitigations
- Create security integration into the SDLC process
- Establish metrics and reporting
Requirements:
- 3-5 years of experience in a medium to large enterprise in a similar role
- Recent development experience with modern languages
- Thorough understanding of both the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework
- Working knowledge of current web and application security standards and best practices (OWASP Top 10, MITRE CWE Top 25)
- Deep experience securing applications and APIs on AWS, including services like EC2, Lambda, S3, and API Gateway
- Hands-on experience with modern API security, including REST and GraphQL APIs
- Recent experience with security testing tools (., SAST, DAST, IAST, and RASP)
- Proficiency securing applications and APIs on cloud platforms (., AWS, Azure, GCP)
- Excellent communication skills for effectively communicating business risk from cybersecurity issues
- Successful experience developing, implementing, and maintaining security policies, standards, procedures, and secure SDLCs
- Proven track record of performing threat modeling, security code reviews, and penetration testing for applications and APIs
- Demonstrable programming experience in Python, TypeScript, and C#
- Agreement to obtain relevant certifications within six months of hire, such as AWS Certified Security – Specialty or AWS Certified Solutions Architect – Associate
- Embody trust, dignity, integrity, and accountability
- Self-motivated, ambitious, and action-oriented
Benefits:
- Excellent benefits package, including medical and dental insurance, 401(k) plan, paid time off, and paid holidays
- Equal opportunity employer that provides equal employment opportunities to all employees and applicants without discrimination or harassment based on race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws
- Participates in E-Verify and will provide necessary information to confirm authorization to work in the .
Privacy Policy:
To learn more about our privacy policy, please visit the link provided.
Join our team and make a difference in protecting consumer rights at a leading personal injury law firm. Apply now!
