We're seeking someone to join our Application Security team as a Lead Application Security Engineer in Cyber to implement Morgan Stanley-specific security controls in the CI/CD security tools, including but not limited to SAST, DAST and SCA applications, enabling a significant developer community.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities.

This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs.

Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on.

What You’ll Do:
• Work with a team of engineers to implement Morgan Stanley-specific security policies in the CI/CD security tools, including but not limited to SAST, DAST and SCA applications.
• Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
• Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.
• With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.
• Support security standards, and create templates and patterns to increase the efficiency and adoption of the security program.
• Work with our partners to implement, manage, and optimize security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities.

These skills will help you succeed in this role:
• Bachelor’s degree with experience in the IT field
• Software development experience using Python
• Commercial experience in the following:
  o OWASP Secure Coding Practices
  o Common software and web application security vulnerabilities
  o Application security scanning tools
  o Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)
• Ability to analyze large datasets for reporting and analysis
• Good understanding of Java and JavaScript

Even Better If You Have:
• A degree in Cybersecurity or CISSP/CSSLP certification, or a keen desire to move into the security field
• Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise
• Ability to perform code reviews with minimal assistance
• A self-starter, with a strong desire for learning new technologies and applying them to solve problems
• Expertise in monitoring, alerting, reporting, and data analysis is desired
• Experience with two or more of the application build environments like Jenkins, Gradle, Maven
• Familiarity with public cloud services is a plus
• Experience with two or more of the Secure SDLC tools like GitHub Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz
• Experience with Threat Analysis
• Experience with DevSecOps, Secure SDLC
• Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus
• Experience with evaluation, integration and onboarding of application security tools is a plus

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values — putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back — that guide our more than 80,000 employees in 1,200 offices across 42 countries.