Job Description

Morgan Stanley is currently undergoing a transformation as we look to move more workloads to the public cloud and modernize our information technology stack. This is a unique opportunity to grow with a world class organization as the industry undergoes a technology revolution.

This position will be part of the Cloud Security Architecture (CSA) and is part of the Technology & Operations Risk (TOR) organization. The mission of the CSA team is to conduct comprehensive security evaluations and provide architectural/design guidance for current and emerging cloud technologies to be used in the Firm.

This highly leveraged internal position within Morgan Stanley's IT Security organization has excellent growth potential. The CSA team works with IT groups on a global basis to ensure that IT projects are executed using secure and approved patterns.

This role requires hands-on experience in cloud, application and/or infrastructure security, technology risk management in a highly regulated environment as well as great organizational and communication (verbal and written) skills.

Specific role responsibilities include:

- Provide security expertise to engineering and development teams, acting as a project team member providing consulting advice ensuring security requirements are integrated in the project.

- Provide specific security expertise to engineering teams by identifying and creating patterns and blueprints for repeatable security, infrastructure and application instantiations. Blueprints and patterns may address such areas as network design, database access, authentication methods, encryption requirements, key management, entitlement design, identity management, logging, and input validation, secure data transfer among others. This involves liaising with other technology subject matter experts to build consensus, outlining areas of improvement in written form and explaining concerns early on.

- Identify areas of risk on projects where security requirements cannot be fully addressed in the required time frame of the project.

- Document and present those risks to senior business, IT and Security team members.

- Help identify areas of security the firm might want to invest in improve IT security.

- Product security case reports to document and highlight specific risks along with potential mitigations.

QUALIFICATIONS

Skills Required:

- 5 to 8 years of information security experience

- Bachelor's degree in Computer Science, Management of Information Systems Security, or equivalent professional experience

- Excellent communication and writing skills / interpersonal skills to be able to interact at all levels & be effective as part of a broader team, capable of taking broad objectives and create and execute a concrete plan- Ability to influence and engage with senior management

- Experience in an information security (application and/or infrastructure) role in an enterprise environment.

- 2 or more years of experience building cloud architecture with such as Amazon Web Services (AWS), Azure, Google Cloud, using Azure Resource Manager, Azure IaaS, PaaS offerings and services in Azure Commercial offerings or the AWS equivalent products and services.

- In depth understanding of cloud cybersecurity standards, frameworks and best practices.

- Ability to quickly adapt to changing priorities and demands

- Ability to work independently with minimal direction; self-starter/self-motivated

Skills Desired:

- Experience with technologies for protecting data at rest and in transit along with key proper management practices.

- Experience with PKI

- Experience with Modern Authentication Technologies such as OAuth2, OpenID Connect and SAML 2.0

- Experience with Docker or other Linux Container technologies

- Experience with Kubernetes or similar workload orchestration

- Knowledge of traditional network technologies, such as firewalls, NAT, Load balancers, and web proxies

- Experience with Software Defined Networking Technologies

- Experience with infrastructure as code tools, such as Hashicorp Terraform

- Experience with CI/CD pipelines and cloud deployment autmoation

- Knowledge of traditional security concepts such as patch/vulnerability management, input validation, authentication, authorization

Valid through: 2/9/2021

About Morgan Stanley

Dean Witter Reynolds was an American stock brokerage and securities firm catering to retail clients. Prior to the company's acquisition, it was among the largest retail firms in the securities industry with over 9,000 account executives and was among the largest members of the New York Stock Exchange. The company served over 3.2 million clients primarily in the U.S. Dean Witter provided debt and equity underwriting and brokerage as mutual funds and other saving and investment products for individual investors. The company's asset management arm, Dean Witter InterCapital, with total assets of $90.0 billion prior to the acquisition, was one of the largest asset management operations in the U.S. Dean Witter Reynolds was founded in 1978 as the merger of Dean Witter & Co. and Reynolds Securities, which was then the biggest merger in the history of Wall Street. The company was acquired by Sears in 1981, and was renamed "Dean Witter, Discover & Co." in 1993 when Sears spun off the company. The company also owned Discover Card. In 1997, Dean Witter, Discover & Co. merged with investment banking house Morgan Stanley to form "Morgan Stanley Dean Witter & Discover Co.". The combined firm later dropped the "Discover Co." name in 1998 and further the "Dean Witter" name in 2001. In 2009, the Dean Witter retail operations were transferred to Morgan Stanley Smith Barney, a joint venture with Citigroup.

Total Jobs:

Total Experts:

Average Pay:

Total value of jobs:

% Masters: