Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. We advise, originate, trade, manage and distribute capital for governments, institutions and individuals. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. We provide you a superior foundation for building a professional career where you can learn, achieve and grow.

The mission of TECHNOLOGY & OPERATIONS RISK is to deliver first-line defenses to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally compliant manner. Our vision is to deliver Programs that protect and enable the business, ensure secure delivery of services to our clients, adjust to address the risks presented by an evolving threat landscape, meet regulatory expectations, and offer highly attractive career opportunities.

The Enterprise Security Platforms (ESP) team is, amongst other things, responsible for developing and engineering the Firm's core security controls. The technology and solution stack spans all Firm employees as well as external clients of the Institutional Security and Wealth Management Businesses. It consists of home-grown software, 3rd party software, open source products, appliances, and auxiliary services and solutions.

The successful candidate will work within ESP Application Security Fleet to design and engineer Application Security controls used within the CI/CD space. We are looking for a fungible, enthusiastic technologist with excellent communication skills and experience of developing applications in an enterprise environment with a passion for building scalable solutions.
The successful candidate will help to evolve the current offerings we have, e.g. SAST code scanning tools, as well as identifying and evaluating the next generation of tools as we move to cloud-based development environments. We are looking for someone with a strong developer background and application security knowledge. This is an ideal role for someone looking to broaden their experience in application security working in a complex, mission-critical, security-focused enterprise environment. You will be part of an emerging, dynamic team which is core to the Firm's application security strategy. You are bright and have a strong work ethic, with experience working in an agile environment. You will also have strong analytical and problem-solving abilities, coupled with excellent development, communication, and organizational skills.

Responsibilities:

The role covers a broad range of activities in the Application Security space including design, development, evaluations as well as product engineering/integration and operating the services that we provide.

* Setting up and performing PoCs within lab environments as well as in non-prod environments to enable stakeholders to test/validate solutions and solicit real-world feedback etc. to drive meaningful evaluations over pure lab exercises.
* Documenting findings/presenting recommendations back to stakeholders to enable the Firm to make informed and effective product choices.
* Hands-on integration engineering will form a key part of this role, as part of a collaborative, agile squad, e.g. integrating vendor solutions into our processes, control gates, authn/authz etc.
* There will be plenty of scope to take an active part in the architecture, design, build and implementation of the solution.
* Automating manual operational processes and integrating automations into CI/CD pipelines.
* Implementing automated testing for resilience and reliability, e.g. load testing, chaos engineering, synthetic monitoring, real-user monitoring.
* Developing configuration-as-code models that align to CI/CD pipelines and SRE best practices.
* Implementing software development lifecycle best practices through the adoption of standard tools/services for reliability.
* Implementing self-service tools to reduce toil both within the squad and for our customers.
* Building dashboards, alerts, and optimized queries for observability of system reliability with a focus on SLOs, error budgets, and toil management.
* Building documentation for both tribal knowledge and SRE processes within the squad through a documentation-as-code framework.

QUALIFICATIONS

Required Skills

* A developer background/strong understanding of modern development practices
* Strong research, analytical, and problem-solving skills
* Ability to write robust, maintainable code in Python at an OO level
* Good knowledge of DevOps CI/CD workflows, tools and integration points and experience integrating security into SDLC
* Experience designing, building and maintaining large-scale, high-performance, distributed systems
* Good knowledge of running systems/applications in an enterprise IT environment comprising bare metal, VMs, and containers
* Good knowledge/experience of the Application Security space and tools, e.g. OWASP Top 10, SAST, DAST etc.
* Experience in what a good Application Security developer experience looks like to increase adoption and value
* Excellent verbal and written communication skills coupled with a collaborative approach
* Good infrastructure knowledge, e.g. networking, Linux, security etc.

Other Desired Skills

* Product experience with Microfocus Fortify and/or Contrast Security
* Knowledge/experience in cloud-based CI/CD environments/SaaS tooling
* Experience with GitHub Enterprise and integrating SaaS solutions
* Understanding of OSS management in an enterprise environment
* Knowledge in Git, Jenkins, Docker, Public Cloud management
* Strong design and architecture skills, e.g. configuration schema design, process re-engineering and automation etc.
* Kubernetes/Cloud experience also advantageous
* Experience in product integration, e.g. taking open source products/tools and deploying/integrating them into an enterprise environment
* An automation/orchestration mindset that enables the product squads to spend more time coding and less time on manual processes