Legal Staff Information Technology in Chicago, IL

Law Firm

Chicago, IL

Legal Staff Information Technology in Chicago, IL

Legal Staff

3-5 yrs required

No

As a Senior Application Security Engineer at Morgan & Morgan, you will have the opportunity to join a team dedicated to protecting the rights of consumers against powerful entities. With over 3,000 employees and a mission to fight for the people, this is a chance to make a real impact in the world. We are seeking a highly motivated and experienced individual to join our team and help us in our mission. This role will be based in any of our offices in the . and the ideal candidate will have 3-5 years of experience in a similar role in a medium to large enterprise.

As a Senior Application Security Engineer, you will be responsible for conducting threat modeling and risk analysis to identify potential vulnerabilities and develop plans to mitigate them. You will also work closely with other teams, such as DevOps, QA, and product teams, to ensure that security goals align with business objectives. In addition, you will define and implement security standards and best practices for applications and APIs, collaborate with development teams to ensure secure design patterns and practices, and conduct vulnerability assessments and penetration testing.

In order to be successful in this role, you should have a strong working knowledge of current web and application security standards and best practices, as well as deep experience securing applications and APIs on cloud platforms, specifically AWS. You should also have hands-on experience with modern API security, recent experience with security testing tools, and proficiency in communicating business risk from cybersecurity issues. Additionally, you should have a proven track record in performing threat modeling, security code reviews, and penetration testing for applications and APIs. Experience with programming languages such as Python, TypeScript, and C# is also necessary.

To be considered for this role, you must also be willing to obtain relevant certifications within six months of hire, such as AWS Certified Security or AWS Certified Solutions Architect. At Morgan & Morgan, we value trust, dignity, integrity, and accountability, and we are looking for a self-motivated, ambitious, and action-oriented individual to join our team.

In addition to a competitive salary, Morgan & Morgan offers a comprehensive benefits package for full-time employees, including medical and dental insurance, a 401(k) plan, and paid time off and holidays. We are an equal opportunity employer and prohibit discrimination and harassment of any kind. We also participate in E-Verify and will provide the federal government with your Form I-9 information to confirm your eligibility to work in the .

Apply now to join the Cybersecurity Team at Morgan & Morgan and help us continue our fight for the people.

Responsibilities:

- Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
- Work with DevOps, QA, and product teams to align security goals with business objectives
- Define and implement security standards and best practices for applications and APIs
- Collaborate with development teams to ensure secure design patterns and practices
- Conduct vulnerability assessments and penetration testing on applications and APIs
- Act as a subject matter expert advising teams on emerging threats and secure coding techniques
- Perform code reviews to identify vulnerabilities and recommend mitigations
- Create security integration into the SDLC process
- Establish metrics and reporting

Requirements:

- 3-5 years of experience in a similar role in a medium to large enterprise
- Working knowledge of current web and application security standards and best practices (OWASP Top 10, MITRE CWE Top 25)
- Deep experience securing applications and APIs on AWS, including services like EC2, Lambda, S3, and API Gateway
- Hands-on experience with modern API security, including REST and GraphQL APIs
- Recent experience with security testing tools (., SAST, DAST, IAST, and RASP)
- Proficiency securing applications and APIs on cloud platforms (., AWS, Azure, GCP)
- Excellence in communicating business risk from cybersecurity issues
- Successful experience developing, implementing, and maintaining security polices, standards, procedures and secure SDLCs
- Proven track record of performing threat modeling, security code reviews, and penetration testing for applications and APIs
- Demonstrable programming experience in Python, TypeScript, and C#
- Willingness to obtain relevant certifications within six months of hire

Benefits:

- Competitive salary
- Comprehensive benefits package, including medical and dental insurance, 401(k) plan, paid time off, and holidays

Equal Opportunity Statement:

Morgan & Morgan is an equal opportunity employer and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

E-Verify:

Morgan & Morgan participates in E-Verify and will provide the federal government with your Form I-9 information to confirm your eligibility to work in the . If E-Verify is unable to confirm your eligibility, we will provide you with written instructions and the opportunity to resolve the issue with the Department of Homeland Security or Social Security Administration before any action is taken against you, including termination of employment. Employers can only use E-Verify once an individual has accepted a job offer and completed the I-9 Form.

Privacy Policy:

At Morgan & Morgan, we take your privacy seriously. To learn more about our privacy policy, please visit our website.

Join the Cybersecurity Team at Morgan & Morgan and make a real impact in the world by protecting consumer rights against powerful entities. As a Senior Application Security Engineer, you will have the opportunity to work with a team dedicated to our mission of fighting for the people. We are seeking a highly motivated individual with 3-5 years of experience in a similar role in a medium to large enterprise. This role will be based in any of our . offices.

Responsibilities:

- Conduct threat modelling and risk analysis to identify exposure and