Senior Application Security Engineer- Fully Remote
Morgan Morgan, United States
Job Description
Morgan amp; Morgan, P.A. is the largest plaintiffs’ law firm in the country, with offices in more than 40 cities, 4,000 employees nationwide, and over 30 years in the industry. We are on a mission to consistently deliver the best results for our clients. We are disrupting the legal industry with our start up mentality, always growing and pushing the limits.
The work we do actually changes people’s lives. If you have this passion for what you do, you can make a serious impact in the entire United States of America. We are unlike any law firm you’ve ever come in contact with. We are a technology company that just happens to practice law.
We are continuing to impact the ever-changing space of technology. To support our vision in delivering the premier client/attorney experience, we are seeking a Senior Application Security Engineer who will drive secure coding and SDLC efforts, participate in project security reviews, penetration testing, and application scanning processes. This role is a critical component to our growth strategy and the implementation of ground breaking technologies.
Responsibilities:
- Defining security requirements, designing secure solutions for IT implementations and providing general cyber security support in agreement with current policies, procedures, standards and best practices
- Documenting and communicating the security standards, policies and solutions to allow for quicker and easier adoption
- Providing technical guidance and act as a subject matter expert for application security issues
- Software development and web security testing
- Create security integration into the SDLC process
- Identify areas for automation and driving the implementation of automation to increase code coverage and help evolve security features and services
- Establish metrics and reporting to track coverage and effectiveness of security processes
- Leverage the tools and processes used throughout IT with product and developers to conduct security reviews and define security requirements
- Collaborate on security initiatives and promote security standards across the department
- Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
Requirements
- In-depth knowledge of current web security standards and best practices (OWASP Top 10, SANS Top 25, CWE), vulnerabilities and corresponding mitigation techniques
- Enterprise experience with tools from vendors such as Rapid7, Qualys, Tenable, Whitehat, Veracode, HPE, and SonarCube
- Expert knowledge of industry recognized Web Application Firewall solutions
- Effective communications skills to provide application security subject matter expertise to cross functional teams involving Engineering, DevOps, Product, and IT
- Expert experience developing, implementing, and maintaining security polices, standards, procedures and secure SDLCs
- Demonstrable proficiency and working knowledge with a scripting language (Bash, PowerShell, Python, Perl)
- Required any of the following active certifications
- Any one of the five Offensive Security certifications such as OSCP
- ISC CSSLP Certified Secure Software Lifecycle Professional
- EC-Council CEH Certified Ethical Hacker (Master level)
- Self-motivated, ambitious, and action oriented
- Embody trust, dignity, integrity and accountability
- Practitioner of autonomous competitive learning
Benefits
At Morgan amp; Morgan, we know that great people make a great organization. We value our people and offer employees a broad range of benefits including medical, dental, vision, PTO, 401K, and paid holidays.