Morgan Stanley is looking for a Vulnerability manager who will be part of the Cyber Risk function within the organisation. The candidate will be joining the Vulnerability Management team as an associate working on Open-Source Software (OSS) and networking scanning vulnerabilities. Candidate needs to be comfortable escalating vulnerabilities and initiating requests for immediate remediation. Performance of daily functions will require comprehensive organizational skills, assessing mitigating controls, knowledge of code repositories (I.E. Git, Bitbucket, Sourcegraph), understanding of OSS libraries and usage and an intermediate level of Linux knowledge. About Morgan Stanley Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firms employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career – a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture. What will you be doing? • Candidate will monitor for new OSS CVEs, send out notifications and track remediation. • Compose Linux scripts and use commands to determine what releases are vulnerable and affected by a given library. • Create and modify SQL queries to determine project dependencies.\ • Track remediation due dates and send out follow up notifications as needed. • Assist with notifying on network scanning vulnerabilities. • Utilize Splunk to search and fulfill data requests. What we’re looking for: • 5 years of technology experience with time in a technology risk function • Strong understanding of vulnerabilities and following process and procedure • Knowledge of Linux commands and ability to script • Experience with an enterprise reporting platform (Splunk preferred) • Ability to understand and explain network scanning results to teams. • Web development knowledge a plus. • Strong organizational, communication, and professional skills