Security Design Infrastructure Security Architect

About Morgan Stanley

Since 1935, Morgan Stanley has been known as a global leader in financial services, consistently evolving and innovating to better serve clients and communities in over 40 countries. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities.

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

The Opportunity: Security Design Infrastructure Security Architect

We're seeking someone to join our global Security Design team as a Security Design Infrastructure Security Architect. This role involves performing security assessments and deep dives on a wide range of applications, including internally developed systems and vendor platforms used within Morgan Stanley. You will partner with infrastructure, application, and application infrastructure developers, as well as Business Owners.

The ideal candidate will excel at identifying technical control gaps through architecture assessments and hands-on security testing. You will provide detailed remediation guidance to developers and effectively explain the business risks introduced by identified control gaps to Business Owners. Additionally, you will technically mentor team members and foster strong partnerships with developers and engineers. The successful candidate will be responsible for the quality and throughput of the team's security assessments. This team collaborates with all Technology divisions and performs assessments on a diverse technology stack, including cloud services.

What You'll Do In The Role

• Identify security gaps in design and infrastructure change proposals and production systems.
• Identify systems of interest, plan engagements, and work with internal clients to execute engagements.
• Conduct Deep Dive engagements, participating throughout the engagement life cycle including planning, architecture analysis, security testing, and risk remediation.
• Define security guidance in collaboration with other stakeholders to minimize risks associated with thematic issues.
• Develop patterns to increase the efficiency of the Security Design function.
• Define technical control requirements to remediate identified risks.
• Act as a solution architect.
• Communicate to IT System Owners technical details on control gaps and provide relevant attack scenarios.
• Communicate detailed remediation guidance to developers and engineers.
• Articulate risks introduced by technical control gaps to Business Owners.
• Act as the local escalation point for developers and management engaging with the team.
• Build and strengthen partnerships with Security Design stakeholders.
• Peer review security assessments.

What You'll Bring To The Role

• Infrastructure or Application security expertise.
• Ability to explain common application vulnerabilities and detailed remediation strategies to developers.
• Ability to explain technology risks introduced by application vulnerabilities to a system's Business Owner.
• Threat modeling experience.
• Penetration testing experience would be a plus.

Soft Skills

• Strong interpersonal skills, critical for working with developers and executives globally.
• Ability to multi-task and handle multiple projects.
• Strong oral and written communication skills.
• Thirst for technical knowledge.

Development & Education

• Software architecture and development: Experience in designing and implementing enterprise infrastructure/applications.
• Educational Requirements: Bachelor Degree in Computer Science, Software Engineering, or equivalent with minimum five years relevant work experience in a high-paced, enterprise environment.

Additional Qualifications

• Technology background in Financial Services.
• Familiar with OWASP Top 10 Most Critical Web Application Security Risks.
• CISSP certification.

Flexible Work & Inclusion

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

Key skills/competency

• Security Architecture
• Infrastructure Security
• Application Security
• Threat Modeling
• Risk Remediation
• Security Assessments
• Cloud Security
• OWASP Top 10
• CISSP
• Penetration Testing