We are looking for a high-preforming individual looking to advance their career in our Global Information Security Team.

We need a motivated and detail-oriented Product SaaS Security Specialist to join our growing security team.

This subject matter expert level role is ideal for candidates with good knowledge in application security and a passion for securing modern web, mobile, and enterprise applications.

You will work closely with global development teams to design secure applications, design identity and access management, model secure data flows, define encryption, data masking and anonymization, perform vulnerability assessments, support penetration testing activities, and contribute to our ongoing security monitoring and incident response efforts.

The product security specialist will be assisting development teams in securing systems and applications at every stage of the software development lifecycle, ensuring that the principles of 'Security by design' and 'Security by default' are followed, thereby integrating security into the DevOps and SDLC process.

The role will work in partnership with wider Dev team, IT Infrastructure, Technology, EUC support, business, and product teams to maintain and improve technical tools, set of controls and incident response process.

Responsibilities :

- Assist in designing, implementing, testing and review of application security controls across system development projects.

- Assist in reviewing, design and implement Authentication, Authorization and IAM controls across various applications and environments.

- Performing application IAM design reviews and access recertifications.

- Contribute to the development and implementation of security policies, requirements and guidelines.

- Help to address information security incidents

- Provide security guidance and best practices to development teams on secure coding principles.

- Collaborate with global application development teams to promote secure coding practices and assist with threat modelling.

- Perform threat modelling and document potential security risks for new and existing features.

- Participate in security reviews for application architecture, code changes & design documents.

- Perform vulnerability assessments and penetration testing of applications, APIs, and web services.

- Identify, document, and report security vulnerabilities with clear and concise remediation recommendations.

- Support the identification, tracking, and remediation of security vulnerabilities across applications

- Monitor security tools and dashboards to detect threats and weaknesses in real-time.

- Stay current with the latest application security trends, tools, and technologies.

- Contribute to documentation of security standards, guidelines, and procedures.

- Support internal security audits and compliance initiatives (e.g., ISO 27001, SOC 2, etc.)

Qualifications & Technologies :

- Bachelors degree in computer science, IT engineering, or equivalent.

- 3- 5 years of experience in application security or software development with a strong interest in security.

- Familiarity with Secure Development Lifecycle (SDLC) practices

- Understanding of common web application vulnerabilities (e.g., OWASP Top 10) and mitigation techniques.

- Familiarity with security testing tools and techniques (e.g., Burp Suite, OWASP ZAP, static & dynamic analysis tools or similar).

- Understanding of programming languages (e.g., Java, Python, JavaScript, SQL) and web technologies.

- Understanding of authentication/authorization protocols: OAuth2.0, OpenID Connect, SAML)

- Experience with cloud security concepts (e.g., AWS, Azure, GCP).

- Experience with coding and scripting languages (e.g., Python, Bash, PowerShell).

- Experience on Git, Sentinel One, Microsoft Azure AD, Microsoft Windows Server, Microsoft Defender Suite, Microsoft Compliance Suite, Mimecast, Sentinel One, Threat Aware, Darktrace, Tenable/Nessus, Kali Linux, AWS Security, BitSight, knowb4.com, SolarWinds.

- Professional level technical security management certification (Microsoft SC, EC-Council, CompTIA)

Why Morae?

Moraes approach to employee development is unique in the marketplace.

At Morae employees are given opportunities to progress at their own pace and to influence the course of their professional growth.

This includes having the opportunity to earn a client facing role or even an oversight role within their first year!

About Morae :

Morae is a dynamic, high-growth organization that provides an integrated suite of solutions to corporate law departments and law firms, and partners with leading software and services providers, both within and outside the legal industry.

We are a young company but are made up of seasoned professionals in the legal industry, with a focus on building productive long-term relationships with employees and clients in an environment where collaboration is encouraged, knowledge is shared freely, and diversity of thought, cultures, communities, and points of view is embraced.

Our team has the vision to create an effective solution for any business problem and the experience to execute that vision.