Morgan Stanley
Junior Security Architect-Security and Design Architecture
Morgan Stanley - Alpharetta, Georgia, United States, 30239Work at Morgan Stanley
Overview
- Apply
Overview
The Security Design and Controls Team (SecDesign) team is part of the Cyber Data Risk & Resilience (CDRR) organization. The mission of the SecDesign team is to provide security architecture assessments of technology systems and processes to identify business risks and recommend remedial action based on established security standards or security best practices. The SecDesign Generalist is an internal consultant that is working on multiple security architecture and design assessments spanning multiple classes of technologies. It is an opportunity to get involved in multiple business units and technologies inherent to the mission of SecDesign. The Integrator works with team members (Technology, Business, Suppliers, Stakeholders and Partners) globally to perform SecDesign assessments. To be successful as an Integrator the candidate must have broad technology experience coupled with risk management, communication, and time management skills. The candidate will also be working with a global team of experts on modernizing the Firm's SDLC platform to enable deployment automation to private and public cloud endpoints and SaaS-based tooling. This role affords the opportunity to get in on the ground floor to help build the next-generation of development and deployment tooling across a diverse set of tech stacks for the next decade
A SecDesign Generalist has the following responsibilities:
Lead SecDesign deep dives with the requestor of the assessment
Prioritize risks identified in relation to business risks
Conduct assessment and provide technology risk/requirements to the requestor. Areas covered: a. Authentication, Authorization, Auditing b. Application Security - Session Security, Vulnerability/Pen Testing items, Input Validation c. Secure data transport and storage d. Network Security Principles and best practices e. Cloud Security Principles and best practices
Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
Participate in various Operational and Technology Risk governance processes Assist in identifying new areas and opportunities of technology investment for the firm
#LI-CG2
Soft Skills (Required)
Excellent communication skills: written, oral, presentation, listening
Ability to influence through factual reasoning
Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
Strong focus on delivery when presented with short timelines and increased involvement from senior management
Ability to adjust communication of technology risks vs business risks based on the audience
Security Architecture Skills
Required - In depth knowledge of application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
Required - Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
Required - Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
Required - Knowledge of Cloud Service Providers (AWS/Google/Azure) cloud, DevOps and CI/CD
Required - The candidate must have working experience in at least three of the following application/network security domains: a. Authentication: SAML, SiteMinder, Kerberos, OpenId b. Entitlements and identity management c. Data protection, data leakage prevention and secure data transfer and storage d. App Security - validation checking, software attack methodologies e. Cryptography - encryption and hashing
Desired - Prior experience administering systems for version control (Bitbucket, Github), issue tracking (Jira), continuous integration (Jenkins, Github Actions), or release management.
Desired - Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPNs, and load-balancers, and understanding of common network architectures.
Desired - The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
Desired - experience in testing tools, at least one of Veracode, Fortify, OunceLabs, AppScan, WebInspect, Burp Development Experience
Required - Even though the SecDesign Integrator role is not a development role, the candidate must have previous background in programming, design and application architecture.
Required - In order to be a practical SecDesign Integrator the candidate must have experience implementing complex applications in an enterprise environment.
Required - working knowledge of programming and scripting languages: Java, JavaScript, C#, C/C , Perl, Python, Ruby
Desired - In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web Services Other Areas of Expertise
Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate.
Knowledge of JSP /Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex / Silverlight.
Database design and programming experience
Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
Understanding of geographic regulations and their impact on Security assessments
Previous experience in Financial Services is preferred
CISSP or other industry qualification
Desired - experience working with global organizations Educational Requirements Bachelor's Degree (or equivalent) with minimum 5 years relevant work experience in high-paced, enterprise environment
Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.
It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.
Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).
#LI-CG2
Job:
* Engineering
Title:
Junior Security Architect-Security and Design Architecture
Location:
Georgia-Alpharetta
Requisition ID:
3249313
A SecDesign Generalist has the following responsibilities:
Lead SecDesign deep dives with the requestor of the assessment
Prioritize risks identified in relation to business risks
Conduct assessment and provide technology risk/requirements to the requestor. Areas covered: a. Authentication, Authorization, Auditing b. Application Security - Session Security, Vulnerability/Pen Testing items, Input Validation c. Secure data transport and storage d. Network Security Principles and best practices e. Cloud Security Principles and best practices
Periodically review security reference architecture (security blueprints) and conduct updates/enhancements
Participate in various Operational and Technology Risk governance processes Assist in identifying new areas and opportunities of technology investment for the firm
#LI-CG2
Soft Skills (Required)
Excellent communication skills: written, oral, presentation, listening
Ability to influence through factual reasoning
Time management: ability to handle multiple concurrent assessments, plan based deliverable management, strong follow up and tracking
Strong focus on delivery when presented with short timelines and increased involvement from senior management
Ability to adjust communication of technology risks vs business risks based on the audience
Security Architecture Skills
Required - In depth knowledge of application, network and platform security vulnerabilities. Ability to explain these vulnerabilities to developers
Required - Experience in conducting Information Security, IT Security, Audit assessments. Presenting the outcomes of the assessment and obtaining buy in.
Required - Strong focus on reviewing technical designs and functional requirements to identify areas of Security weakness.
Required - Knowledge of Cloud Service Providers (AWS/Google/Azure) cloud, DevOps and CI/CD
Required - The candidate must have working experience in at least three of the following application/network security domains: a. Authentication: SAML, SiteMinder, Kerberos, OpenId b. Entitlements and identity management c. Data protection, data leakage prevention and secure data transfer and storage d. App Security - validation checking, software attack methodologies e. Cryptography - encryption and hashing
Desired - Prior experience administering systems for version control (Bitbucket, Github), issue tracking (Jira), continuous integration (Jenkins, Github Actions), or release management.
Desired - Knowledge of standard network model and the risks that present at each layer, the functions of network equipment such as switches, routers, firewalls, proxies, VPNs, and load-balancers, and understanding of common network architectures.
Desired - The candidate must have working knowledge of the primary operating systems (Unix, Windows, z/OS, Mac OS), the configuration and management of that platform at an enterprise scale, the security risks to that platform, and how to mitigate those risks.
Desired - experience in testing tools, at least one of Veracode, Fortify, OunceLabs, AppScan, WebInspect, Burp Development Experience
Required - Even though the SecDesign Integrator role is not a development role, the candidate must have previous background in programming, design and application architecture.
Required - In order to be a practical SecDesign Integrator the candidate must have experience implementing complex applications in an enterprise environment.
Required - working knowledge of programming and scripting languages: Java, JavaScript, C#, C/C , Perl, Python, Ruby
Desired - In-depth knowledge of web technologies such as Web Browsers, Web Servers, Web Services Other Areas of Expertise
Frameworks, protocols and subsystems: J2EE, .NET, Spring, RPC, SOAP, MQSeries, JMS, RMI, JMX, Hibernate.
Knowledge of JSP /Servlet/EJB or ASP.NET, HTTP/HTTPS, Cookies, AJAX, JavaScript, Flex / Silverlight.
Database design and programming experience
Experience of liaising with 3rd Party Entities (exchanges, suppliers, regulators)
Experience in conducting and / or reviewing penetration tests, dynamic vulnerability assessments and static vulnerability assessments
Understanding of geographic regulations and their impact on Security assessments
Previous experience in Financial Services is preferred
CISSP or other industry qualification
Desired - experience working with global organizations Educational Requirements Bachelor's Degree (or equivalent) with minimum 5 years relevant work experience in high-paced, enterprise environment
Morgan Stanley's goal is to build and maintain a workforce that is diverse in experience and background but uniform in reflecting our standards of integrity and excellence. Consequently, our recruiting efforts reflect our desire to attract and retain the best and brightest from all talent pools. We want to be the first choice for prospective employees.
It is the policy of the Firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, sex stereotype, gender, gender identity or expression, transgender, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy, veteran or military service status, genetic information, or any other characteristic protected by law.
Morgan Stanley is an equal opportunity employer committed to diversifying its workforce (M/F/Disability/Vet).
#LI-CG2
Job:
* Engineering
Title:
Junior Security Architect-Security and Design Architecture
Location:
Georgia-Alpharetta
Requisition ID:
3249313