See job description for details
Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. With offices in more than 43 countries, the people of Morgan Stanley are dedicated to providing our clients the finest thinking, products and services to help them achieve even the most challenging goals.
As a market leader, the talent and passion of our people is critical to our success. We embrace integrity, excellence, team work and giving back. Technology
The Technology division partners with our business units and leading technology companies to redefine how we do business in ever more global and dynamic financial markets.
Our sizeable investment in technology results in leading-edge tools, software, and systems. Our insights, applications, and infrastructure give a competitive edge to clients businesses and to our own.
Enterprise Technology & Services (ETS) delivers shared technology services for the Firm supporting all business applications and end users. ETS provides capabilities for all stages of the firm's software development lifecycle, enabling productive coding, functional and integration testing, application releases, and ongoing monitoring and support for over 3,000 production applications.
ETS also delivers all workplace technologies (desktop, mobile, voice, video, productivity, intranet/internet) in integrated configurations that boost the personal productivity of our employees. Application and end user services are delivered on a scalable, secure, and reliable infrastructure composed of seamlessly integrated datacentre, network, compute, cloud, storage, and database services. Position Description
We are seeking to add an experienced Web Security subject matter expert to join our Web Security Operations team in Glasgow. The team is responsible for the day-to-day operations, security, and health of Morgan Stanley's web infrastructure on which thousands of web applications run.
The specialist will act as a subject matter expert for web security, handle operational escalations from our L2 teams, respond to incident management notifications, as well as in delivering robust, effective solutions covering our internet perimeter and external content delivery network providers. Responsibilities
Qualifications: Skills required
- Provide Level 3 Operations support for a global perimeter Web proxy and Web security enterprise infrastructure.
- Maintain Web security infrastructure, providing stability by developing tools, policies, processes and procedures for the operations teams.
- Provide a secure environment, by implementing controls to manage and mitigate risks.
- Develop automated metrics reporting capabilities.
- Create, review, maintain and update documentation including Documenting & Publishing fixes in central knowledge base.
- Work with global colleagues to provide globally consistent processes and solutions.
- Investigate & Troubleshoot root causes when escalated from operations.
- Escalate and liaise with additional internal/external groups when required.
- Input into Business Continuity Planning and Practices.
- Intergration and testing, and deployment of Web Proxy technologies with leading network DLP or Malware scanning solutions.
- Collaborating with leads responsible for web and application servers, load-balancers and web authentication infrastructure
- Working with colleague subject matter experts in the wider organization who administer networks, logging, application architecture and other complementary technologies.
- Drive determination and implementation of security best practice in our web platforms and infrastructure
- Research into vendor and open source solutions in the web security space, and determination of their place in our overall solution
- Interfacing with technical contacts at external vendor providers and other internal teams to ensure a holistic solution is delivered and enhanced
- Training operations L2 personnel, application support groups in tools, technologies and procedures.
- Moderate-Advanced proxy experience required including engineering of flows via proxy and client access for troubleshooting; Bluecoat ProxySG Appliance experience preferred.
- Must know how to integrate external services with proxies via ICAP, proxy chaining, and service offloads.
- Moderate cloud security experience across at least a couple of the more cloud providers (Azure, O365, AWS, etc.)
- Excellent understanding and experience designing and implementing Web security solutions.
- Good understanding on Web Proxy infrastructure serving various application layer protocols such as HTTP/HTTPs/SOCKS/FTP/ICAP
- Scripting and Development Skills (Perl, Python or Shell).
- Moderate Linux Sys admin experience.
- Interpersonal Skills - Communication, flexibility, self-driven, team player
- Strong general networking background (Firewalls, Routing, Load Balancing, OSI Model, Packet trace and analysis, etc.)
- Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc. - - Ideal candidate would be able to intelligently dissect all 7 layers of the OSI stack
- Experience working in DMZ environments with good understanding of hardware load-balancing, firewalls, multi-tiered architectures.
- Hands-on proxy knowledge; Bluecoat and Zscaler experience preferred
- Hands-on CASB design, architecture and deployment (SkyHigh, Symantec, etc.)
- Programming/Scripting languages: Python, Perl, AngularJS.
- Knowledge of Data Protection Practices (data at rest, in use, in motion, etc.) and their practical implementations.
- Practical knowledge of web malware, its propagation and mitigation strategies.
- CISSP or similar recognized cyber security qualifications.
- Experience operating in large, siloed enterprise environments.
- Project Management Skills with experience on enterprise projects.
- Web Proxy Bluecoat/ZScaler or other major web proxy competitor.
- Experience within financial services industry preferred.
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.
** Given the continued spread of COVID-19 (coronavirus), all interviews will be conducted by phone or virtual connection to protect our candidates and employees **
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.