Law Firm
Murrells Inlet, SC
Legal Staff Information Technology in Murrells Inlet, SC
Legal Staff
3-5 yrs required
No
Summary:
Law firm Morgan & Morgan is seeking a Senior Application Security Engineer to join their Cybersecurity Team. The ideal candidate will have 3-5 years of experience in a similar role and a thorough understanding of the Microsoft Security Development Lifecycle and AWS Well-Architected Framework. The role will be based in any of the firm's . offices and will involve conducting threat modelling and risk analysis, defining and implementing security standards, and collaborating with development teams to ensure secure design patterns. The ideal candidate will also have experience with web and application security standards, securing applications and APIs on AWS, and using security testing tools. The firm offers a comprehensive benefits package for full-time employees and is committed to equal employment opportunities. They also participate in E-Verify and have a privacy policy in place.
Salary Information:
- Salary is competitive and commensurate with experience
- Comprehensive benefits package for full-time employees, including medical and dental insurance, 401(k) plan, paid time off, and paid holidays
Job Title:
Senior Application Security Engineer
Experience Information:
- 3-5 years of experience in a similar role
- Recent development experience with modern languages
- Thorough understanding of Microsoft Security Development Lifecycle and AWS Well-Architected Framework
Responsibilities:
- Conduct threat modelling and risk analysis
- Work with DevOps, QA, and product teams to align security goals with business objectives
- Define and implement security standards and best practices for applications and APIs
- Collaborate with development teams to ensure secure design patterns and practices
- Conduct vulnerability assessments and penetration testing on applications and APIs
- Act as a subject matter expert advising teams on emerging threats and secure coding techniques
- Perform code reviews to identify vulnerabilities and recommend mitigations
- Create security integration into the SDLC process
- Establish metrics and reporting
Requirements:
- Working knowledge of current web and application security standards and best practices (OWASP Top 10, MITRE CWE Top 25)
- Deep experience securing applications and APIs on AWS, including services like EC2, Lambda, S3, and API Gateway
- Hands-on experience with modern API security, including REST and GraphQL APIs
- Recent experience with security testing tools (., SAST, DAST, IAST, and RASP)
- Proficiency securing applications and APIs on cloud platforms (., AWS, Azure, GCP)
- Excellence in communicating business risk from cybersecurity issues
- Successful experience developing, implementing, and maintaining security polices, standards, procedures and secure SDLCs
- Proven track record of performing threat modeling, security code reviews, and penetration testing for applications and APIs
- Demonstrable programming experience in Python, TypeScript, and C#
- Agreement to obtain relevant certifications within six months of hire
Benefits:
- Comprehensive benefits package for full-time employees, including medical and dental insurance, 401(k) plan, paid time off, and paid holidays
Equal Opportunity Statement:
Morgan & Morgan provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
E-Verify:
This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the . If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the I-9 Form.
Privacy Policy:
Morgan & Morgan has a privacy policy in place to protect the personal information of its employees and applicants.
Jul 06, 2025
|
Jan 17, 2025
|
Tell us where to send your access instructions: