Legal Staff Information Technology in Seattle, WA

Law Firm

Seattle, WA

Legal Staff

3-5 yrs required

Job Title: Senior Application Security Engineer
Salary: Competitive salary based on experience
Experience: 3-5 years in a medium to large enterprise

Job Description:

Morgan & Morgan is seeking a Senior Application Security Engineer to join our Cybersecurity Team. This role will be based out of any of our offices in the U.S., and the ideal candidate will have 3-5 years of experience in a similar role. The successful candidate should have recent development experience with modern languages and a strong understanding of both the Microsoft Security Development Lifecycle and the AWS Well-Architected Framework.

Responsibilities:

- Conduct threat modelling and risk analysis to identify exposure and develop mitigation plans
- Collaborate with DevOps, QA, and product teams to align security goals with business objectives
- Define and implement security standards and best practices for applications and APIs
- Work with development teams to ensure secure design patterns and practices
- Perform vulnerability assessments and penetration testing on applications and APIs
- Act as a subject matter expert in advising teams on emerging threats and secure coding techniques
- Conduct code reviews to identify vulnerabilities and recommend mitigations
- Integrate security into the SDLC process
- Establish metrics and reporting

Requirements:

- Working knowledge of current web and application security standards and best practices (OWASP Top 10, MITRE CWE Top 25)
- Deep experience securing applications and APIs on AWS, including services like EC2, Lambda, S3, and API Gateway
- Hands-on experience with modern API security, including REST and GraphQL APIs
- Recent experience with security testing tools (e.g., SAST, DAST, IAST, and RASP)
- Proficiency securing applications and APIs on cloud platforms (e.g., AWS, Azure, GCP)
- Excellent communication skills in conveying business risk from cybersecurity issues
- Successful experience in developing, implementing, and maintaining security policies, standards, procedures, and secure SDLCs
- Proven track record in performing threat modeling, security code reviews, and penetration testing for applications and APIs
- Demonstrable programming experience in Python, TypeScript, and C#
- Agreement to obtain any of the following certifications within six months of hire:
  - AWS Certified Security – Specialty or AWS Certified Solutions Architect – Associate preferred
  - Any one of the five Offensive Security certifications such as OSCP
  - ISC CSSLP – Certified Secure Software Lifecycle Professional
  - EC-Council – CEH Certified Ethical Hacker (Master level)
- Strong values in trust, dignity, integrity, and accountability
- Self-motivated, ambitious, and action-oriented

Benefits:

- Competitive salary based on experience
- Medical and dental insurance
- 401(k) plan
- Paid time off and holidays

Equal Opportunity Statement:

Morgan & Morgan is an equal opportunity employer and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

E-Verify:

This employer participates in E-Verify and will confirm your authorization to work in the U.S. If E-Verify is unable to confirm your authorization, you will be given instructions to contact the appropriate government agencies to resolve the issue before any action is taken against you.

Privacy Policy:

Please refer to Morgan & Morgan's privacy policy for more information.

Apr 05, 2025
Jan 17, 2025