Senior Cloud Security Specialist 3162977 at Morgan Stanley

Company Profile 

Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals. 

As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back.

Technology

The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets. 

Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients’ businesses—and to our own.

Technology Risk's (Tech Risk) mandate is to enable the Firm to manage its technology related risks. The department executes the first line of defense technology risk management capabilities and implements proactive, comprehensive and consistent risk management practices across the Firm.  

Tech Risk protects the Firm’s information, systems and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm’s technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.

Position Description:

Morgan Stanley is looking for a candidate to join the Cybersecurity Team within Technology and Operations Risk. The candidate should have excellent analytical, engineering and communication skills. A growth mindset is a must as you will be a member of a new team that is being formed to assess and monitor Morgan Stanley assets hosted in the public cloud (Azure and AWS) and work with the Site Reliability Engineering (SRE) teams to quickly remediate risks that are discovered.

The candidate should have a strong understanding of the global cloud landscape, how solutions running in the public cloud are maintained and monitored including how security and support actions can be automated for rapid response. In addition, a strong understanding of cybersecurity and information security with experience in at least one core functional area (e.g. Vulnerability Management, Incident Response, Security Engineering, Penetration Testing, Application Security, Red Teaming, etc.) is a plus.

You will work with partners in application development, cloud infrastructure and cybersecurity engineering to establish the direction of the program, including defining priorities, coordinating with peer teams, and leading continuous improvement efforts of our tools and systems. You will own a portfolio of tools designed to provide internal teams with leading security platform capabilities and solutions that identify and monitor security risks at a large scale, detect vulnerabilities, and increase the efficiency of response teams.

Skills Required:

- Bachelor’s degree in Computer Science, Engineering or Math is preferred but not required.
- 5+ years' experience as a software engineer / DevOps on implementing or integrating into CI/CD pipelines or migrating applications to a cloud environment.
- Developing applications for public cloud.
- Experience on building automation workflows to alert or auto remediate cloud security issues
- Experience with Automation, configuration and provisioning infrastructure-as-code using Terraform, ARM, or CloudFormation, 
- Experience with configuration management tools like Chef, Puppet, or Ansible
- Strong technical knowledge on PaaS, IaaS or SaaS cloud offerings
- Technical knowledge on container and orchestration such as Kubernetes, EKS, AKS, Docker, OpenShift
- Demonstrated data driven approach to solving problems and automating solutions.

Skills Desired: 

In addition to the core requirements, it would be beneficial to have operations background with experience in some of the following:

- Hands-on technical experience designing and/or deploying solutions to support operations or maintain Microsoft Azure and/or Amazon Web Services environments.
- Data analysis tools like ELK, Splunk, StreamAlert, Kinesis or Kafka
- Markup languages such as JSON and YAML.
- Webservices SOAP and REST API.
- Working knowledge of a scripting and programming languages (JavaScript, Python, GO, PowerShell).
- Security background and experience in some of the following:
- Understanding of current risks and threats to use of public cloud
- CI/CD pipelines and how to integrate and operate security tools within the pipeline.
- Understanding of vulnerability assessments across all layers of the network/host/application stack.
- Configuration management and patch management using automated tools.
- Vulnerability scanners (Qualys, AWS Inspector, Azure Security Center) and container scanning tools (Twistlock, Aqua).
- Knowledge and experience in a variety of technologies such as: UNIX, Windows, Networking and Storage.

Knowledge of French and English is required.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.

Spotlight on our Montreal Technology Centre: https://www.youtube.com/watch?v=oo5GaXpCwKs
*Video dated October 2019.