Morgan Stanley
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services. With offices in more than 41 countries, the Firm's employees serve clients worldwide including corporations, governments, institutions and individuals. For further information about Morgan Stanley, please visit www.morganstanley.com.
Cyber Data Risk & Resilience
The mission of Cyber Data Risk & Resilience (CDRR) is to deliver first-line defenses to manage risks to Firm technology, information and cyber threats through risk identification, control management and assurance. This allows the business to operate and grow in a secure and legally compliant manner. Our vision is to deliver Programs that protect and enable the business, ensure secure delivery of services to our clients, adjust to address the risks presented by an evolving threat landscape, meet regulatory expectations, and offer highly attractive career opportunities.
Job Profile
Cloud Security Engineers are responsible for developing, deploying, and managing security solutions to secure public cloud offerings of providers such as Amazon Web Services (AWS), Azure, or Google Cloud Platform (GCP) to help enterprise application teams migrate applications to the cloud. Work with E*TRADE's Enterprise Security team to update existing security policies, standards, and controls to identify and close any gaps and to assist in ensuring the security and compliance of the environments.
Help Leadership develop cloud security engineering strategy to deliver against organizational goals and objectives.
Ensure executional engineering excellence and compliance to E*TRADE's policies, standards, and controls.
Support application teams deploy secure solutions to the Cloud. Conducting cloud security analysis of prospective applications migrating to Cloud platforms/environments based on NIST's Cyber Security Framework and NIST 800-53 r4. This can include all types of Cloud platforms (SaaS, PaaS, and IaaS).
Serve as Subject Matter Experts to internal business and technology teams on range of compliance standards as influenced by regulatory mandates (e. g. GLBA, SOX 404, HIPAA, etc.) and industry best practices (e. g. NIST CSF, ISO 27001, ITIL, COSO, COBIT, etc.)
Work closely with product and platform teams to engineer and implement cloud security controls.
Plan, implement, upgrade and monitor security measures related to computer networks and software testing and validation procedures, programming and documentation (AWS, Azure, GCP, Application Security, Vulnerability Management, Machine Learning)
Assist Architecture with the design of solutions for API Security, Container Security, and Cloud Infrastructure Security.
Performing Cloud Security Assessments of Cloud platforms/environments using industry standard frameworks such as CSA, SOX, COBIT, and NIST.
Operating and maintaining security platforms hosted in the cloud and delivering on organizations operational and engineering excellence goals.
Coach, mentor, and train team members as appropriate to assist them with their professional success.
Provide internal technical security training to existing E*TRADE personnel as needed.
Participate in cross-functional teams to align cloud security objectives with Enterprise.
Previous experience performing hands-on engineering function in the cloud space implementing NIST and/or COBIT control frameworks.
Primary Skills
The Cloud Security Engineer should haveAt least 4 years' relevant experience would generally be expected to find the skills required for this role in the following skills:
Full-stack knowledge of IT infrastructure:
Applications
Databases
Operating systems - Windows, Unix and Linux
Kubernetes SME
IP networks - WAN and LAN
Google Cloud Engineering Experience'
Fundamental Cyber Security Knowledge
At least 5+ years of experience/working knowledge of IT service management (e.g., ITIL-related disciplines):
Change management
Configuration management
Asset management
Incident management
Problem management
Good to have Skills
To ensure that security-related matters are adequately conveyed, the following business skills are necessary:
Communication skills
Project management skills
Intricate Cloud Security Knowledge
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.