Law Firm
Marietta, GA
Legal Staff Information Technology in Marietta, GA
Legal Staff
3-5 yrs required
No
Senior Application Security Engineer
- Salary: Competitive salary based on experience
- Job title: Senior Application Security Engineer
- Experience: 3-5 years in a medium to large enterprise in a similar role
Responsibilities:
- Conducting threat modelling and risk analysis to identify exposure and develop mitigation plans
- Working with DevOps, QA, and product teams to align security goals with business objectives
- Defining and implementing security standards and best practices for applications and APIs
- Collaborating with development teams to ensure secure design patterns and practices
- Conducting vulnerability assessments and penetration testing on applications and APIs
- Acting as a subject matter expert advising teams on emerging threats and secure coding techniques
- Performing code reviews to identify vulnerabilities and recommend mitigations
- Creating security integration into the SDLC process
- Establishing metrics and reporting
Requirements:
- Working knowledge of current web and application security standards and best practices (OWASP Top 10, MITRE CWE Top 25)
- Deep experience securing applications and APIs on AWS, including services like EC2, Lambda, S3, and API Gateway
- Hands-on experience with modern API security, including REST and GraphQL APIs
- Recent experience with security testing tools (e.g., SAST, DAST, IAST, and RASP)
- Proficiency securing applications and APIs on cloud platforms (e.g., AWS, Azure, GCP)
- Excellence in communicating business risk from cybersecurity issues
- Successful experience developing, implementing, and maintaining security policies, standards, procedures, and secure SDLCs
- Proven track record of performing threat modeling, security code reviews, and penetration testing for applications and APIs
- Demonstrable programming experience in Python, TypeScript, and C#
- Agreement to obtain any of the following certifications within six months of hire:
  - AWS Certified Security – Specialty or AWS Certified Solutions Architect – Associate preferred
  - Any one of the five Offensive Security certifications such as OSCP
  - ISC CSSLP – Certified Secure Software Lifecycle Professional
  - EC-Council – CEH Certified Ethical Hacker (Master level)
- Embody trust, dignity, integrity and accountability
- Self-motivated, ambitious, and action oriented
Benefits:
- Competitive salary based on experience
- Medical and dental insurance
- 401(k) plan
- Paid time off and holidays
Equal Opportunity Statement:
Morgan & Morgan provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.
E-Verify:
This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the I-9 Form.
Privacy Policy:
Here is a link to Morgan & Morgan's privacy policy.
H1: Join Our Team as a Senior Application Security Engineer at Morgan & Morgan
H2: Protect Consumer Rights and Make a Difference as a Senior Application Security Engineer at Morgan & Morgan
Bold Headline: Competitive Salary and Excellent Benefits Package for Senior Application Security Engineer Position at Morgan & Morgan
Morgan & Morgan, a leading personal injury law firm, is seeking a highly motivated and experienced Senior Application Security Engineer to join our Cybersecurity Team. With over 3,000 employees united by one mission - For the People, our firm is dedicated to protecting consumer rights and standing up against insurance companies, large corporations, and defective goods. This role will be based out of any of our offices in the U.S. and offers a competitive salary based on experience.
The ideal candidate for this position will have 3-5 years of experience in a medium to large enterprise in a similar role. They should also have recent development experience with modern languages and a thorough understanding of both the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework.
As a Senior Application Security Engineer at Morgan & Morgan, you will be responsible for conducting threat modelling and risk analysis to identify exposure and develop mitigation plans. You will also work closely with DevOps, QA, and product teams to align security goals with business objectives. Other responsibilities include defining and implementing security standards and best practices for applications and APIs, collaborating with development teams to ensure secure design patterns and practices, and conducting vulnerability assessments and penetration testing. Additionally, you will act as a subject matter expert, advising teams on emerging threats and secure coding techniques, and perform code reviews to identify vulnerabilities and recommend mitigations. You will also have the opportunity to create security integration into the SDLC process and establish metrics and reporting.
To be considered for this role, candidates should have a working knowledge of current web and application security standards and best practices, deep experience securing applications and APIs on AWS, and hands-on experience with modern API security. They should also have recent experience with security testing tools, proficiency securing applications and APIs on cloud platforms, and excellence in communicating business risk from cybersecurity issues. Successful candidates will have a proven track record of performing threat modeling, security code reviews, and penetration testing for applications and APIs, as well as demonstrable programming experience in Python, TypeScript, and C#. Candidates must also agree to obtain one of the following certifications within six months of hire: AWS Certified Security – Specialty or AWS Certified Solutions Architect – Associate preferred, any one of the five Offensive Security certifications such as OSCP, ISC CSSLP –
Jul 06, 2025
Jan 17, 2025