Legal Staff Information Technology in Washington, DC

Law Firm

Washington, DC

Legal Staff Information Technology in Washington, DC

Legal Staff

3-5 yrs required

No

Morgan & Morgan, a personal injury law firm, is seeking a Senior Application Security Engineer to join their Cybersecurity Team. This role will be based out of any of their offices in the ., and the ideal candidate will have 3-5 years of experience in a similar role. The candidate should also have a recent development experience with modern languages and a thorough understanding of both the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework.

H1: Senior Application Security Engineer
H2: Join the Cybersecurity Team at Morgan & Morgan

Key Responsibilities:
- Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
- Work with DevOps, QA, and product teams to align security goals with business objectives
- Define and implement security standards and best practices for applications and APIs
- Collaborate with development teams to ensure secure design patterns and practices
- Conduct vulnerability assessments and penetration testing on applications and APIs
- Act as a subject matter expert advising teams on emerging threats and secure coding techniques
- Perform code reviews to identify vulnerabilities and recommend mitigations
- Create security integration into the SDLC process
- Establish metrics and reporting

Requirements:
- 3-5 years of experience in a similar role in a medium to large enterprise
- Recent development experience with modern languages
- Thorough understanding of the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework
- Working knowledge of current web and application security standards and best practices
- Deep experience securing applications and APIs on AWS
- Hands-on experience with modern API security
- Recent experience with security testing tools
- Proficiency securing applications and APIs on cloud platforms
- Excellent communication skills in conveying business risk from cybersecurity issues
- Successful experience developing and implementing security policies, standards, procedures, and secure SDLCs
- Proven track record of performing threat modeling, security code reviews, and penetration testing
- Demonstrable programming experience in Python, TypeScript, and C#
- Willingness to obtain necessary certifications within six months of hire
- Strong work ethic and self-motivation

Benefits:
- Medical and dental insurance
- 401(k) plan
- Paid time off and holidays

Equal Opportunity Statement:
- Morgan & Morgan provides equal employment opportunities to all employees and applicants for employment
- Prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws

E-Verify:
- This employer participates in E-Verify to confirm authorization to work in the .
- If E-Verify cannot confirm authorization, the employer will provide instructions to resolve the issue before taking any action against the employee

Privacy Policy:
- Link to Morgan & Morgan's privacy policy included

Company Name: Morgan & Morgan
Job Title: Senior Application Security Engineer
Location: Jacksonville, Florida, United States · Orlando, Florida, United States · Tampa, Florida, United States
Salary: Not specified, but competitive with industry standards
Experience: 3-5 years in a similar role in a medium to large enterprise

Key Responsibilities:
- Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
- Work with DevOps, QA, and product teams to align security goals with business objectives
- Define and implement security standards and best practices for applications and APIs
- Collaborate with development teams to ensure secure design patterns and practices
- Conduct vulnerability assessments and penetration testing on applications and APIs
- Act as a subject matter expert advising teams on emerging threats and secure coding techniques
- Perform code reviews to identify vulnerabilities and recommend mitigations
- Create security integration into the SDLC process
- Establish metrics and reporting

Requirements:
- 3-5 years of experience in a similar role in a medium to large enterprise
- Recent development experience with modern languages
- Thorough understanding of the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework
- Working knowledge of current web and application security standards and best practices
- Deep experience securing applications and APIs on AWS
- Hands-on experience with modern API security
- Recent experience with security testing tools
- Proficiency securing applications and APIs on cloud platforms
- Excellent communication skills in conveying business risk from cybersecurity issues
- Successful experience developing and implementing security policies, standards, procedures, and secure SDLCs
- Proven track record of performing threat modeling, security code reviews, and penetration testing
- Demonstrable programming experience in Python, TypeScript, and C#
- Willingness to obtain necessary certifications within six months of hire
- Strong work ethic and self-motivation

Benefits:
- Medical and dental insurance
- 401(k) plan
- Paid time off and holidays

Equal Opportunity Statement:
- Morgan & Morgan provides equal employment opportunities to all employees and applicants for employment
- Prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws

E-Verify:
- This employer participates in E-Verify to confirm authorization to work in the .
- If E-Verify cannot confirm authorization, the employer will provide instructions to resolve the issue before taking any action against the employee

Privacy Policy:
- Link to Morgan & Morgan's privacy policy included