Application Security Engineer, Director
Job Number: 3261442
POSTING DATE: Nov 21, 2024
PRIMARY LOCATION: Europe, Middle East, Africa-United Kingdom-United Kingdom-Glasgow
EDUCATION LEVEL: Bachelor's Degree
JOB: Technology
EMPLOYMENT TYPE: Full Time
JOB LEVEL: Director
DESCRIPTION
We're seeking someone to join our team as an Application Security Engineer in Cyber to implement Morgan Stanley specific security controls in the CI/CD security tools including but not limited to SAST, DAST and SCA applications, enabling a significant developer community.
In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities.
Interested in joining a team that’s eager to create, innovate and make an impact on the world? Read on...
What you’ll do in the role:
1. Work with a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.
2. Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
3. Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc.
4. Provide security guidance to developers in the form of secure coding standards and guidelines.
5. Support security standards and create templates and patterns to increase the efficiency and adoption of the security program.
6. Work with our partners to implement, manage, and optimize security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities.
QUALIFICATIONS
What you'll bring to the role:
1. Bachelor’s degree or equivalent with knowledge of the IT field.
2. Software development knowledge using Python.
3. Commercial knowledge of the following:
* OWASP Secure Coding Practices.
* Common software and web application security vulnerabilities.
* Application security scanning tools.
* Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins).
4. Ability to analyze large datasets for reporting and analysis.
5. Good understanding of Java and JavaScript.
6. A degree or equivalent in Cybersecurity, or CISSP/CSSLP certification, or a keen desire to move into the security field.
7. Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise.
8. Ability to perform code reviews with minimal assistance.
9. A self-starter, with a strong desire for learning new technologies and applying them to solve problems.
10. Expertise in monitoring, alerting, reporting and data analysis is desired.
11. Knowledge of two or more application build environments such as Jenkins, Gradle, Maven.
12. Familiarity with public cloud services is a plus.
13. Knowledge of two or more Secure SDLC tools such as GitHub Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz.
14. Knowledge of Threat Analysis.
15. Knowledge of DevSecOps, Secure SDLC.
16. Knowledge of DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus.
17. Knowledge of evaluation, integration and onboarding of application security tools is a plus.
What you can expect from Morgan Stanley:
We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. Our core values guide our more than 80,000 employees in 1,200 offices across 42 countries.
At Morgan Stanley, you’ll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration.
We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry.
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.
Morgan Stanley is an equal opportunities employer, providing a supportive and inclusive environment where all individuals can maximize their full potential.