Assoc, P3, Cybersecurity Eng III Job Level Associate

The Security Design and Controls Team (SecDesign) team is part of the Cyber Data Risk & Resilience (CDRR) organization. The mission of the SecDesign team is to provide security architecture assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. The SecDesign Generalist is an internal consultant that is working on multiple security architecture and design assessments spanning multiple classes of technologies. It is an opportunity to get involved in multiple business units and technologies inherent to the mission of SecDesign. The Integrator works with team members (Technology Business Suppliers Stakeholders and Partners) globally to perform SecDesign assessments. To be successful as an Integrator the candidate must have broad technology experience coupled with risk management communication and time management skills. The candidate will also be working with a global team of experts on modernizing the Firms SDLC platform to enable deployment automation to private and public cloud endpoints and SaaS-based tooling. This role affords the opportunity to get in on the ground floor to help build the next generation of development and deployment tooling across a diverse set of tech stacks for the next decade.

A SecDesign Generalist has the following responsibilities:
SecDesign security analysis of the architecture or solution with the requestor of the assessment.
risks identified in relation to business risks.
assessment and provide technology risk/requirements to the requestor.
review security reference architecture (security blueprints) and conduct updates/enhancements.
in various Operational and Technology Risk governance processes.
in identifying new areas and opportunities of technology investment for the firm.
peer review signoff on security analysis (FTE only)
with Risk Officers Business stakeholders and senior management regarding identified risks and remediation deadlines. Skills and Experience

Soft Skills (Required)
communication skills: written oral presentation listening.
to influence through factual reasoning.
management: ability to handle multiple concurrent assessments plan based deliverable management strong follow up and tracking.
focus on delivery when presented with short timelines and increased involvement from senior management.
to adjust communication of technology risks vs business risks based on the audience.

Security Architecture Skills
- In depth knowledge of application network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers.
- Experience in conducting Information Security IT Security Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
- Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
- Knowledge of Cloud Service Providers (AWS/Google/Azure) cloud DevOps and CI/CD
- The candidate must have working experience in at least three of the following application/network security domains: Authentication; Entitlements and identity management; Data protection; App Security; Cryptography
- Prior experience administering systems for version control (Bitbucket Github) issue tracking (Jira) continuous integration (Jenkins Github Actions) or release management.
- Knowledge of standard network model and the risks that present at each layer the functions of network equipment such as switches routers firewalls proxies VPNs and load-balancers and understanding of common network architectures.
- The candidate must have working knowledge of the primary operating systems (Unix Windows z/OS Mac OS) the configuration and management of that platform at an enterprise scale the security risks to that platform and how to mitigate those risks.
- experience in testing tools at least one of Veracode Fortify OunceLabs AppScan WebInspect Burp

Development Experience
- Even though the SecDesign Integrator role is not a development role the candidate must have previous background in programming design and application architecture.
- In order to be a practical SecDesign Integrator the candidate must have experience implementing complex applications in an enterprise environment.
- working knowledge of programming and scripting languages: Java JavaScript C# C/C Perl Python Ruby
- In-depth knowledge of web technologies such as Web Browsers Web Servers Web Services
Other Areas of Expertise
protocols and subsystems: Spring RPC SOAP MQSeries JMS RMI JMX Hibernate.
of JSP /Servlet/EJB or HTTP/HTTPS Cookies AJAX JavaScript Flex / Silverlight.
design and programming experience
of liaising with 3rd Party Entities (exchanges suppliers regulators)
in conducting and / or reviewing penetration tests dynamic vulnerability assessments and static vulnerability assessments.
of geographic regulations and their impact on Security assessments
experience in Financial Services is preferred.
or other industry qualification
- experience working with global organizations.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first doing the right thing leading with exceptional ideas committing to diversity and inclusion and giving back - arent just beliefs they guide the decisions we make every day to do whats best for our clients communities and more than 80000 employees in 1200 offices across 42 countries. At Morgan Stanley youll find an opportunity to work alongside the best and the brightest in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey offering some of the most attractive and comprehensive employee benefits and perks in the industry. Theres also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe please copy and paste into your browser.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds talents perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting developing and advancing individuals based on their skills and talents.