Security Engineering (Engineering)

Morgan Stanley Alpharetta , GA 30023

Posted 2 months ago

About Us:

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. We advise, originate, trade, manage and distribute capital for governments, institutions and individuals.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. We provide you a superior foundation for building a professional career where you can learn, achieve and grow.

At Morgan Stanley, we embrace integrity, excellence, teamwork and giving back. As a market leader, the talent and passion of our people is critical to our success. The people of Morgan Stanley provide our clients with the finest thinking, products and services to help them achieve even the most challenging goals.

About the Team:

The mission of the Enterprise Security Platform (ESP) team is to implement the Firm's Cybersecurity Strategy by architecting, engineering, deploying and operating technical security controls and capabilities for the Enterprise. This is achieved by continued focus on architectural rigor, automation, Agile delivery and adoption of ESP's control implementations by our users and partners. Our culture champions diversity, an inclusive environment for all, recognition and an opportunity to give back to our communities through various local charity partnerships

What You'll Do:

Lead a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.

Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.

Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.

With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines.

Support security standards, create templates and patterns to increase the efficiency and adoption of security program. These skills will help you succeed in this role:

Bachelor's degree with 10 years of work experience in the IT field

3 years software development experience using Java, JavaScript

3 years of experience in the following:

OWASP Secure Coding Practices

Common software and web application security vulnerabilities

Application security scanning tools

Continuous Integration/Continuous Deployment (CI/CD) processes and concepts

using relevant technologies and tools (e.g., Jenkins)

Exposure to Python scripting

Even Better If You Have

A degree in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field

Business acumen to support the implementation of SAST or DAST or IAST across the enterprise

Ability to perform code reviews with minimal assistance

A self-starter, with a strong desire for learning new technologies and applying them to solve problems

Experience with two or more of the application build environments like Jenkins, Gradle, Maven.

Familiarity with public cloud services a plus

Experience with two or more of the Secure SDLC tools like Burp Suite, Fortify, Checkmarx, AppSec SE, Veracode, WhiteSource, Sonatype

Experience with Threat Analysis.

Experience with DevSecOps, Secure SDLC.

DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus

Experience with evaluation, integration and onboard of security tools such as RASP, WAF, vulnerability scanner results, container analyzers, open source scanning etc is a plus

Diversity Inclusion and Social Responsibility

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.

We warmly welcome candidates of diverse origin, background, ability, age, sexual orientation, gender identity and personality. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.

Learn more about our culture and the opportunities for professional growth at Morgan Stanley in on our LinkedIn page and YouTube channel.

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Public Cloud Security Software Engineering

Morgan Stanley

Posted 1 week ago

VIEW JOBS 9/24/2022 12:00:00 AM 2022-12-23T00:00 <p>The Cloud Product Security team is part of Cloud Security team, within the Technology</p><p>and Operational Risk organization. The mission of Product Security is to safely enable the Firm's data,</p><p>infrastructure, and systems in off-premises environments. This includes teams that define strategy and</p><p>architecture, manage product lifecycle and features, and build applications and services to secure the</p><p>Firm's journey to the cloud. The successful candidate will be an individual contributor with a background</p><p>in software engineering and an interest in building large-scale, cutting-edge systems to solve complex</p><p>problems in the cloud.</p><p>The Cloud Product Security team sets the vision and strategy for Morgan Stanley's use of cloud security</p><p>products and services. The team translates that strategy into a product roadmap and backlog and builds</p><p>software to deliver security capabilities that enable new business and reduce risk to the Firm.</p><p>Specific role responsibilities include:</p><ul><li><p>Work in an agile development team to design and build new products and features</p></li><li><p>Ensure code is delivered on time and meets story acceptance criteria and definition of done</p></li><li><p>Deliver quality software as measured by coverage, complexity, defect escape, vulnerabilities, etc.</p></li><li><p>Create deployment and test automation to continuously deliver software releases</p></li><li><p>Build software systems that are observable, resilient, and recoverable</p></li><li><p>Engage proactively with customers to better understand their needs and obtain feedback</p></li><li><p>Contribute to maintaining a high level of engineering rigor within the team</p></li></ul><p>Required Skills:</p><ul><li><p>Hiring various levels: minimum of 2-10 years of experience in software engineering in an agile environment</p></li><li><p>Software development knowledge including Java, Python, Golang or Rust</p></li><li><p>Hands-on experience with at least one major public cloud provider</p></li><li><p>Understanding of distributed systems and event-driven architectures</p></li><li><p>Knowledge of SQL, NoSQL, and distributed databases</p></li><li><p>Experience with automation and CI/CD tools and practices</p></li><li><p>Experience working with and understanding the needs of customers or clients</p></li><li><p>Excellent communication and interpersonal skills, to be able to interact at all levels and be effective</p></li></ul><p>as part of a broader team</p><ul><li><p>Ability to write documentation for all types of audiences, including documentation in code</p></li><li><p>Comfort with working with a geographically distributed team</p></li></ul><p>Skills Desired:</p><ul><li><p>Knowledge of public cloud security practices and product offerings</p></li><li><p>Knowledge of authentication technologies such as OAuth2, OpenID Connect, and SAML 2.0</p></li><li><p>Knowledge of Kubernetes and/or other similar workload orchestration technologies</p></li><li><p>Knowledge of PKI and key management</p></li></ul> Morgan Stanley Alpharetta GA

Security Engineering (Engineering)

Morgan Stanley