Position Profile:As a key component of the firm's Technology organisation, the Cyber Data Risk and Resiliency (CDRR) department's mandate is to enable the Firm to manage technology risk through modern, cloud-aligned and AI-informed security practices. CDRR executes first line of defence technology risk management capabilities and implements proactive, comprehensive, and consistent risk management across on-premises and Azure-hosted services.
CDRR protects the Firm's information, endpoints, and infrastructure from cyber and insider threats by delivering operational capabilities and a suite of advanced detection, monitoring, analytics, and automation. The department is driving the implementation and operationalization of AI-assisted investigation and response capabilities (including Microsoft Security Copilot)-covering onboarding, integration with the Microsoft security stack, governance/controls, and measurable improvements to triage speed and response quality. CDRR provides expert advice on secure design, development, and control effectiveness across enterprise endpoints and the Azure platform.
The Team:The Endpoint Security Team mandate is to implement the Firm's Cybersecurity Strategy by architecting, engineering, deploying, and operating technical security controls and capabilities for the Enterprise across on-premises and the Azure platform. The team designs, develops, and operates solutions that protect desktops, laptops, servers, and cloud resources from malicious internal and external threats by implementing preventative and hardening controls, enabling real-time endpoint detection and response, and leading the implementation of AI-enabled security operations capabilities (including Microsoft Security Copilot)-from solution design and integration through governance, rollout, and ongoing optimization.
Role Profile & Expectations:- You will be part of a Global (North America, Europe, Asia) cross-disciplined Agile team working with DevOps practices within the firm's Endpoint Security team, partnering closely with Azure platform and security operations stakeholders.
- You will have strong Windows Desktop/Infrastructure/Security knowledge and experience operating at very-large enterprise scale across on-premises and Azure environments, including identity, endpoint, and cloud security controls.
- You will have strong analytical and problem-solving abilities, with experience using security telemetry and analytics to drive decisions, and the communication skills to translate findings into clear actions-including helping implement Microsoft Security Copilot by defining high-value use cases, creating prompt/runbook patterns, validating outputs, and partnering with security operations to drive adoption.
- You will be responsible for continuously improving the quality of our technology solutions through peer review, retrospectives, refactoring and automation, and by building, operationalizing, and maintaining repeatable AI-assisted runbooks and workflows (including Microsoft Security Copilot) to increase consistency, improve auditability, and reduce mean time to detect/respond.
Required Skills:- 10+ years hands-on Enterprise-class Information Technology experience, including security engineering for Windows and cloud platforms (Azure).
- Strong knowledge of Windows operating system and endpoint internals at 50,000+ endpoint scale, including modern security telemetry and endpoint protection capabilities.
- Ability to troubleshoot complex Windows OS environments across hybrid architectures (on-premises and Azure), including identity, networking, and security control interactions.
- Advanced Infrastructure as Code and automation (e.g. Ansible) with Generative AI to streamline playbook creation and infrastructure workflows for efficient operations.
- Competency with scripting/automation languages such as PowerShell, Python, Perl etc., and the ability to codify operational runbooks (including integrating AI-assisted workflows where appropriate).
- Experience in designing/engineering/architecting new security solutions from proof of concept to production, including Azure-aligned architectures and operational readiness.
- Dedication and passion for cybersecurity technologies, with an AI-first and continuous-learning mindset, including a drive to evaluate, implement, and mature emerging capabilities like Microsoft Security Copilot in an enterprise environment.
Desired Skills:- Experience with Enterprise-class endpoint and cloud security technologies, especially within the Microsoft security stack (e.g., Microsoft Defender for Endpoint, Microsoft Defender for Cloud, BitLocker, and related capabilities), including experience implementing and operationalizing Microsoft Security Copilot (e.g., integrations, governance/controls, use-case development, rollout, and continuous tuning).
- Experience with Disk Encryption (e.g. BitLocker) and hardening operating systems.
- Experience with Microsoft Defender for Cloud Apps (and broader Microsoft security ecosystem integrations). Experience with SCCM/Intune for software deployment and endpoint management, and security logging/analytics platforms such as Splunk and/or Microsoft Sentinel/Azure Monitor for dashboards, reporting, and investigation.
- Experience working in a DevOps/SRE aligned team.
- Effective troubleshooting skills across hardware, OS, network, and storage.
- Experience of platform design, build and deployment, with a focus on continual service improvement (CI/CD).
- Experience of working in an Agile environment.
- Experience with Unix/Linux, and MacOS sysadmin a benefit.
- Experience with API implementations and key management, including HSM-backed designs and/or Azure Key Vault.
- Enterprise security industry certifications (CISSP, SANS, GSEC etc).
- Solutions Architect Certifications in either AWS and Azure.
Expected base pay rates for the role will be between $150,000 and $210,000 per year at the commencement of employment. However, base pay if hired will be determined on an individualized basis and is only part of the total compensation package, which, depending on the position, may also include commission earnings, incentive compensation, discretionary bonuses, other short and long-term incentive packages, and other Morgan Stanley sponsored benefit programs
