Consultant Conversion Cybersecurity Ops III Associate

We are seeking a highly skilled and motivated operations-focused engineer to join our team. This individual will play a critical role in maintaining operational excellence in a 24/7 environment. The candidate will act as the Incident Commander for high-impact service/application incidents drive automation to reduce manual tasks and collaborate with cross-functional teams to enhance the resilience and reliability of our infrastructure.

In the Technology division we leverage innovation to build the connections and capabilities that power our Firm enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Cyber Security Ops III position at the Associate level which is part of the job family responsible for monitoring detecting and responding to security incidents to ensure the organizations systems and data are protected from actual and potential threats or breaches.

Morgan Stanley is an industry leader in financial services known for mobilizing capital to help governments corporations institutions and individuals around the world achieve their financial goals.

Interested in joining a team thats eager to create innovate and make an impact on the world Read on.

What youll do in the role:

Application Security Oversight

• Lead the identification and mitigation of application vulnerabilities (e.g. OWASP Top 10 CWE/SANS Top 25).
• Champion secure coding practices and guide development teams in remediation strategies.
• Conduct threat modeling and risk assessments for new and existing applications.

SAST DAST & OSS Vulnerability Management

• Configure optimize and maintain Static and Dynamic Application Security Testing tools (e.g. Checkmarx Fortify SonarQube Veracode).
• Integrate security scans into CI/CD pipelines and ensure scan coverage across development workflows.
• Analyze scan results triage findings and provide actionable remediation guidance.
• Manage open source software (OSS) vulnerabilities using Software Composition Analysis (SCA) tools such as Snyk Xray or Black Duck.
• Monitor OSS dependencies for known CVEs license compliance and supply chain risks.
• Collaborate with developers to remediate OSS vulnerabilities and ensure secure dependency management.

Code & Architecture Review

• Perform manual and automated code reviews in Java Python C# JavaScript and other languages.
• Collaborate with architects and developers to embed security into application design and architecture.

Vulnerability Management

• Lead vulnerability assessments using tools like Nessus Qualys or Burp Suite.
• Prioritize vulnerabilities based on CVSS scores exploitability and business impact.
• Track remediation efforts and ensure timely closure of security issues.

Documentation & Compliance

• Maintain internal documentation of security findings scan results and remediation plans using Confluence or SharePoint.
• Ensure compliance with regulatory standards (e.g. PCI-DSS GDPR SOC 2).
• Support audit and reporting requirements with detailed evidence and metrics.

Collaboration & Mentorship

• Act as a subject matter expert (SME) for application security within cross-functional teams.
• Mentor junior analysts and developers on secure development practices.
• Engage with stakeholders via Microsoft Teams Jira and email to drive security initiatives.

What youll bring to the role:

Technical Skills

• Deep understanding of secure SDLC DevSecOps and threat modeling (e.g. STRIDE).
• Proficiency with SAST/DAST/SCA tools and container security (e.g. Trivy Clair Prisma).
• Experience with OSS vulnerability management and CVE tracking.
• Familiarity with cloud security (AWS Azure) CI/CD tools (Jenkins GitLab) and scripting (Python Bash).

Soft Skills

• Strong analytical and problem-solving skills.
• Excellent communication and stakeholder engagement.
• Ability to lead projects and influence security culture across teams.

Education & Certifications

• Bachelors degree in Computer Science Information Security or related field.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first doing the right thing leading with exceptional ideas committing to diversity and inclusion and giving back - arent just beliefs they guide the decisions we make every day to do whats best for our clients communities and more than 80000 employees in 1200 offices across 42 countries. At Morgan Stanley youll find an opportunity to work alongside the best and the brightest in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey offering some of the most attractive and comprehensive employee benefits and perks in the industry. Theres also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe please copy and paste into your browser.

Morgan Stanleys goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.

It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race color religion creed age sex sex stereotype gender gender identity or expression transgender sexual orientation national origin citizenship disability marital and civil partnership/union status pregnancy veteran or military service status genetic information or any other characteristic protected by law.

Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).