Networking and Information Security Associate - Vulnerability Management

  • Competitive
  • Baltimore, MD, USA
  • Permanent, Full time
  • Morgan Stanley USA
  • 24 Apr 2018

Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.

As a market leader, the talent and passion of our people are critical to our success. Together, we share a common set of values rooted in integrity, excellence and a strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses, and to our own.


- Continuous assessment of critical vulnerabilities
- Perform a deep technical analysis of vulnerabilities and associated exploits
- Create a detailed technical report concerning vulnerabilities, along with PoC code
- Share vulnerability intelligence with other security teams including threat intelligence, security operations and risk management
- Be able to successfully partner with other security teams to assess potential impact from vulnerabilities
- Determine and suggest mitigating controls
- Stay on top of the vulnerability landscape and be up-to-date on current attacks or potential attacks
- Review and analyze vulnerabilities in order to determine and understand the nature of the threat
- Evaluate, rate and perform risk assessments
- Prioritize discovered vulnerabilities along with remediation timeline(s)
- Send and receive notifications to the SMEs of vulnerabilities within the environment
- Interact with multiple global teams (cyber analytics, hunt, security architecture, penetration testing, application development, Risk Officers, etc.)
- Maintain knowledge of the threat landscape
- Provide reporting and analysis and follow up
- Provide vulnerability analysis and produce reports for management
- Participate in collecting, assessing, and cataloging threat indicators


Skills Required:

- 3-5+ years' experience in vulnerability management or related cyber security field
- Knowledge of application, network and operating system security
- Understanding of exploitation concepts
- Knowledge of exploit mitigation techniques (DEP, ASLR, stack cookies)
- Strong experience analyzing exploits related to commonly exploited software
- Experience with vulnerability and patch assessment
- Good understanding of Windows and Linux OS and patching
- Knowledge of vulnerability scoring systems (CVSS/CMSS)
- Strong familiarity with common vulnerability & exploit tracking/collaboration circles
- Understanding network protocols
- Ability to use a scripting language (Python, Perl, Ruby, etc.)
- Ability to learn new technologies
- Excellent writing and presentation skills are required in order to communicate findings and status
- Clearly communicate priorities and escalation points/procedures to other team members
- Detail-oriented, organized and methodical, with follow-up skills and an analytical thought process

Skills Desired:

- Relevant experience involving WinDbg, OllyDbg and IDA Pro
- Experience with one or more assembly languages (x86, x64, ARM, MIPS, PowerPC, etc.)
- Familiarity with fuzzers
- Ability to analyze network protocols throughout all layers of the network stack
- Dynamic scans, static scans and penetration testing
- Experience with Splunk for Enterprise security
- Security architecture experience a plus
- Project management experience
- Innovative and efficiency focused