Join to apply for the Lead Application Security Engineer - VP role at Lombard Counseling and Psychological Services.
Location: Glasgow
Company Overview: Morgan Stanley is looking for a motivated Engineering lead to join the Cybersecurity department. The lead will be charged with enabling security controls in the CI/CD pipelines by rolling out SAST, SCA or DAST tools, with a significant impact on the development community and on the security posture of the firm's applications.
This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs.
What You’ll Do:
* Work with a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST, and SCA applications.
* Work with Development, DevOps, and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
* Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc.
* Provide security guidance to developers in the form of secure coding standards and guidelines.
* Support security standards, create templates, and patterns to increase the efficiency and adoption of the security program.
* Work with partners to implement, manage, and optimize security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities.
These Skills Will Help You Succeed In This Role:
* Bachelor's degree with 10+ years of work experience in the IT field.
* 3+ years software development experience using Python, Java, or JavaScript.
* 3+ years of cumulative experience across the following:
  * OWASP Secure Coding Practices.
  * Common software and web application security vulnerabilities.
  * Application security scanning tools.
  * Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins).
Even Better If You Have:
* A degree in Cybersecurity or CISSP/CSSLP certification or a keen desire to move to the security field.
* Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security, and IaC tools across the enterprise.
* Ability to perform code reviews with minimal assistance.
* A self-starter, with a strong desire for learning new technologies and applying them to solve problems.
* Expertise in monitoring, alerting, reporting, and data analysis is desired.
* Experience with two or more of the application build environments like Jenkins, Gradle, Maven.
* Familiarity with public cloud services is a plus.
* Experience with two or more of the Secure SDLC tools like GitHub Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz.
* Experience with Threat Analysis.
* Experience with DevSecOps and Secure SDLC.
* Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus.
* Experience with evaluation, integration, and onboarding of application security tools is a plus.
What You Can Expect From Morgan Stanley:
We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values (putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back) that guide our more than 80,000 employees in 1,200 offices across 42 countries.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.
Seniority level
* Executive
Employment type
* Full-time
Job function
* Information Technology
Industries
* Computer and Network Security