Vulnerability Management Security Specialist 3115669

  • Company:
    Morgan Stanley
  • Location:
  • Salary:
    negotiable / monthly
  • Job type:
    Full-Time
  • Posted:
    2 days ago
  • Category:
    IT & Software

Company Profile Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals. As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back. Technology The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets. Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients’ businesses—and to our own. Enterprise Technology & Risk (ETR) is comprised of five primary areas: – Core Infrastructure (CI) manages the infrastructure technology solutions to support the Firm’s daily operations, enable our businesses to expand to new markets, offer new client products, and comply with evolving regulations. – End User Technology (EUT) delivers core communication, collaboration and productivity tools across the Firm, including desktop and mobile devices, remote computing solutions, and multimedia services. – Quality Assurance & Production Management (QAPM) provides production management, quality assurance, and end user services for Institutional Securities and Support Services. QAPM also manages the Enterprise Command Center, Enterprise Systems Management, and Technology Disaster Recovery services. – Technology & Information Risk (TIR) delivers first-line defenses to manage risks to Firm technology. TIR oversees programs that protect and enable the business, ensure secure delivery of services to our clients, address the risks presented by an evolving threat landscape, and meet regulatory expectations. – Technology Business Development (TechBD) manages the Firm’s strategic relationships with external technology companies. Position Description: Vulnerability Assessment Team review, assesses and rate vulnerability in daily basis while working closely with the subject matter experts to remediate the issue. The team is responsible for reducing the firm risk by making sure that vulnerabilities are remediated on timely fashion. Responsibilities: -Management of daily assessment of vulnerabilities that are applicable to the firm -Evaluate, rate and perform risk assessments on assets -Prioritizing vulnerabilities discovered along with remediation timeline(s) -Manage notifications to the SMEs regarding vulnerabilities within the environment -Coordinate with cross-functional teams (security architecture, penetration testing, application development, Risk Officers, etc) -Maintain knowledge of the threat landscape -Provide reporting and analysis and follow up -Provide vulnerability analysis and produce reports for management -Participate collecting, assessing, and cataloging threat indicators -Participate actively in Knowledge sharing activities Company Profile Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals. As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back. Technology The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets. Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients’ businesses—and to our own. Enterprise Technology & Risk (ETR) is comprised of five primary areas: – Core Infrastructure (CI) manages the infrastructure technology solutions to support the Firm’s daily operations, enable our businesses to expand to new markets, offer new client products, and comply with evolving regulations. – End User Technology (EUT) delivers core communication, collaboration and productivity tools across the Firm, including desktop and mobile devices, remote computing solutions, and multimedia services. – Quality Assurance & Production Management (QAPM) provides production management, quality assurance, and end user services for Institutional Securities and Support Services. QAPM also manages the Enterprise Command Center, Enterprise Systems Management, and Technology Disaster Recovery services. – Technology & Information Risk (TIR) delivers first-line defenses to manage risks to Firm technology. TIR oversees programs that protect and enable the business, ensure secure delivery of services to our clients, address the risks presented by an evolving threat landscape, and meet regulatory expectations. – Technology Business Development (TechBD) manages the Firm’s strategic relationships with external technology companies. Position Description: Vulnerability Assessment Team review, assesses and rate vulnerability in daily basis while working closely with the subject matter experts to remediate the issue. The team is responsible for reducing the firm risk by making sure that vulnerabilities are remediated on timely fashion. Responsibilities: -Management of daily assessment of vulnerabilities that are applicable to the firm -Evaluate, rate and perform risk assessments on assets -Prioritizing vulnerabilities discovered along with remediation timeline(s) -Manage notifications to the SMEs regarding vulnerabilities within the environment -Coordinate with cross-functional teams (security architecture, penetration testing, application development, Risk Officers, etc) -Maintain knowledge of the threat landscape -Provide reporting and analysis and follow up -Provide vulnerability analysis and produce reports for management -Participate collecting, assessing, and cataloging threat indicators -Participate actively in Knowledge sharing activities Skill Required: -7 + years’ experience in vulnerability management or related cyber security field -Knowledge of application, network and operating system security -Experience with vulnerability and patch assessment -Good understanding of Windows and Linux patching -Knowledge of vulnerability scoring systems (CVSS/CMSS) -Experience on vulnerability scanning tools -Ability to learn new technologies -Excellent writing and presentation skills are required in order to communicate findings and status -Cleary communicate priorities and escalation points/procedures to other team members -Detail oriented, organized, methodical, follow up skills with an analytical thought process Skill Desired: -Security architecture experience a plus -Hands-on experience with different technologies. (Windows, Linux, Load Balancer). -Shows a propensity to learn and understand quickly. -Hands-on knowledge on load balancer -Project management experience -Innovative and efficiency focused -Splunk is a nice to have. Knowledge of French and Englishis required. Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Skill Required: -7 + years’ experience in vulnerability management or related cyber security field -Knowledge of application, network and operating system security -Experience with vulnerability and patch assessment -Good understanding of Windows and Linux patching -Knowledge of vulnerability scoring systems (CVSS/CMSS) -Experience on vulnerability scanning tools -Ability to learn new technologies -Excellent writing and presentation skills are required in order to communicate findings and status -Cleary communicate priorities and escalation points/procedures to other team members -Detail oriented, organized, methodical, follow up skills with an analytical thought process Skill Desired: -Security architecture experience a plus -Hands-on experience with different technologies. (Windows, Linux, Load Balancer). -Shows a propensity to learn and understand quickly. -Hands-on knowledge on load balancer -Project management experience -Innovative and efficiency focused -Splunk is a nice to have. Knowledge of French and Englishis required. Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.