Legal Staff Information Technology in Columbus, OH

Law Firm

Columbus, OH

Legal Staff Information Technology in Columbus, OH

Legal Staff

3-5 yrs required

No

Your privacy is important to us and we are committed to protecting it.


Job Title: Senior Application Security Engineer
Location: Jacksonville, FL, Orlando, FL, Tampa, FL or remote within the .
Salary: Competitive and based on experience

Introduction:

Morgan & Morgan is a leading personal injury law firm that is dedicated to protecting the rights of consumers. We are currently seeking a Senior Application Security Engineer to join our Cybersecurity Team. This role is crucial in ensuring the safety and security of our applications and APIs. The ideal candidate will have experience in a similar role in a medium to large enterprise and a strong understanding of both the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework.

Key Responsibilities:

- Conduct threat modelling and risk analysis to identify potential vulnerabilities and develop mitigation plans.
- Collaborate with DevOps, QA, and product teams to align security goals with business objectives.
- Define and implement security standards and best practices for applications and APIs.
- Work with development teams to ensure secure design patterns and practices are followed.
- Conduct vulnerability assessments and penetration testing on applications and APIs.
- Act as a subject matter expert, advising teams on emerging threats and secure coding techniques.
- Perform code reviews to identify vulnerabilities and recommend mitigations.
- Create and integrate security into the software development lifecycle process.
- Establish metrics and reporting to track security performance.

Requirements:

- Working knowledge of current web and application security standards and best practices, such as OWASP Top 10 and MITRE CWE Top 25.
- Extensive experience securing applications and APIs on AWS, including services like EC2, Lambda, S3, and API Gateway.
- Hands-on experience with modern API security, including REST and GraphQL APIs.
- Recent experience with security testing tools, such as SAST, DAST, IAST, and RASP.
- Proficiency in securing applications and APIs on cloud platforms, such as AWS, Azure, and GCP.
- Strong ability to communicate business risk from cybersecurity issues.
- Successful experience in developing, implementing, and maintaining security policies, standards, procedures, and secure SDLCs.
- Proven track record in performing threat modeling, security code reviews, and penetration testing for applications and APIs.
- Demonstrable programming experience in Python, TypeScript, and C#.
- Willingness to obtain relevant certifications, such as AWS Certified Security – Specialty or AWS Certified Solutions Architect – Associate, within six months of hire.
- Embody trust, dignity, integrity, and accountability.
- Self-motivated, ambitious, and action-oriented.

Benefits:

- Competitive salary based on experience.
- Comprehensive benefits package, including medical and dental insurance, 401(k) plan, paid time off, and paid holidays.

Equal Opportunity Statement:

Morgan & Morgan is committed to providing equal employment opportunities to all employees and applicants for employment. We do not discriminate or harass on the basis of race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.

E-Verify:

As a participating employer in E-Verify, we will provide the federal government with your Form I-9 information to confirm your authorization to work in the . In the event that E-Verify cannot confirm your authorization, we will provide you with written instructions and the opportunity to contact the Department of Homeland Security or Social Security Administration to resolve the issue before any action is taken, including termination of employment. E-Verify can only be used after you have accepted a job offer and completed the I-9 Form.

Privacy Policy:

At Morgan & Morgan, we value your privacy and are committed to protecting it. Please refer to our privacy policy for more information on how we handle your personal information.