Morgan Stanley Alpharetta , GA 30023
Posted 2 months ago
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. We advise, originate, trade, manage and distribute capital for governments, institutions and individuals.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. We provide you a superior foundation for building a professional career where you can learn, achieve and grow.
At Morgan Stanley, we embrace integrity, excellence, teamwork and giving back. As a market leader, the talent and passion of our people is critical to our success. The people of Morgan Stanley provide our clients with the finest thinking, products and services to help them achieve even the most challenging goals.
About the Team:
The mission of the Enterprise Security Platform (ESP) team is to implement the Firm's Cybersecurity Strategy by architecting, engineering, deploying and operating technical security controls and capabilities for the Enterprise. This is achieved by continued focus on architectural rigor, automation, Agile delivery and adoption of ESP's control implementations by our users and partners. Our culture champions diversity, an inclusive environment for all, recognition and an opportunity to give back to our communities through various local charity partnerships
What You'll Do:
Lead a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.
Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.
With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines.
Support security standards, create templates and patterns to increase the efficiency and adoption of security program. These skills will help you succeed in this role:
Bachelor's degree with 10 years of work experience in the IT field
3 years of experience in the following:
OWASP Secure Coding Practices
Common software and web application security vulnerabilities
Application security scanning tools
Continuous Integration/Continuous Deployment (CI/CD) processes and concepts
using relevant technologies and tools (e.g., Jenkins)
Exposure to Python scripting
Even Better If You Have
A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field
Business acumen to support the implementation of SAST or DAST or IAST across the enterprise
Ability to perform code reviews with minimal assistance
A self-starter, with a strong desire for learning new technologies and applying them to solve problems
Experience with two or more of the application build environments like Jenkins, Gradle, Maven.
Familiarity with public cloud services a plus
Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype
Experience with Threat Analysis.
Experience with DevSecOps, Secure SDLC.
DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus
Experience with evaluation, integration and onboard of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc is a plus
Diversity Inclusion and Social Responsibility
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.
We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.
Learn more about our culture and the opportunities for professional growth at Morgan Stanley in on our LinkedIn page and YouTube channel.
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.