We're seeking someone to join our team as a Security Architect. This role is part of a global Security Design team. The team will perform security assessments and security deep dives of a wide range of applications used within Morgan Stanley such internally developed systems and vendor platforms. The team partners with infrastructure, application and application infrastructure developers as well as Business Owners.In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Security Design Infrastructure Security Architect position at Vice President level, which is part of the job family responsible for developing and maintaining software solutions that support business needs.Since 1935, Morgan Stanley is known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.
The ideal candidate will be able to identify technical control gaps through architecture assessments and hands-on security testing as well as providing detailed remediation guidance to developers. The ideal candidate will also be able to explain to Business Owners, the risk to the business introduced by the identified control gaps.

The ideal candidate will be able to technically mentor members of this team and build partnerships with developers and engineers.

The successful candidate will be responsible for the quality of the security assessments as well as the team's throughput.

This team works with all Technology divisions in Morgan Stanley and performs security assessments on a diverse technology stack, including cloud services.What you'll do in the role:

• Identify security gaps in design and infrastructure change proposals and production systems.
• Identify systems of interest, plan engagements, and work with internal clients to execute engagements.
• Conduct Deep Dive engagements participating throughout the engagement life cycle including planning, architecture analysis, security testing, and risk remediation.
• Define security guidance in collaboration with other stakeholders to minimize the risks associated with thematic issues uncovered in Deep Dive engagements.
• Develop patterns to increase the efficiency of the Security Design function.
• Define technical control requirements to remediate identified risks.
• Act as a solution architect.
• Communicate to the IT System Owners technical details on technical control gaps and provide attack scenarios relevant to risks identified.
• Communicate to developers and engineers detailed remediation guidance.
• Articulate risks introduced by technical control gaps to Business Owner.
• Act as the local escalation point for developers and management engaging with the team.
• Build and strengthen partnerships with Security Design stakeholders.
• Peer review security assessments.
  What you'll bring to the role:
• Infrastructure or Application security expertise.
• Ability to explain common application vulnerabilities and detailed remediation strategies to developers.
• Ability to explain technology risks introduced by application vulnerabilities to a system's Business Owner.
• Threat modeling experience.
• Penetration testing experience would be a plus.

Soft Skills:

• Strong interpersonal skills are critical, since the role involves working with developers and executives around the world.
• Ability to multi-task and handle multiple projects.
• Strong oral and written communication skills.
• Thirst for technical knowledge.

Development:

• Software architecture and development: the ideal candidate will have experience in designing and implementing enterprise infrastructure / applications.

Educational Requirements:

• Bachelor Degree in Computer Science, Software Engineering, or equivalent with minimum five years relevant work experience in high-paced, enterprise environment.

Additional:

• Technology background in Financial Services.
• Familiar with OWASP Top 10 Most Critical Web Application Security Risks
• CISSP certificationLI-FT1 #BPTECH

YOU CAN EXPECT FROM MORGAN STANLEY: At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years.  Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work. To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.Certified Persons Regulatory Requirements:

If this role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.