Web Security Lead Engineer
- New York, NY, USA
- Permanent, Full time
- Morgan Stanley USA
- 21 Oct 18
Web Security Lead Engineer
A Web, Antimalware and Cloud Security Engineering Manager is required to work in the Web Security Engineering team, which engineers, integrates and hosts web infrastructure on which thousands of web applications delivered to both internal and external clients run. This manager will serve as a subject matter expert and advisor on a wide variety of Cloud, Web and Antimalware Security topics, manage staff and control budget for all the products in their portfolio. They will be expected to collaborate with other Directors, Managers and Engineers in the wider organization who own a wide variety of disparate technologies, including networks, logging, application architecture and other complementary technologies
Manage geographically disparate staff across multiple time zones. This includes setting project priorities, mentoring, and employee lifecycle functions such as annual performance reviews
Manage the product portfolio that is owned by this position, which includes an array of proxies, Network Intrusion Detection Devices, Network Antivirus devices, etc. This would include annual budgeting reviews, vendor relationship management and internal product lifecycle tracking
Represent the Web and Antimalware Engineering teams during times of escalation during high-visibility production outages as necessary
Advice and partner with the business to determine business risk for various scenarios and how to best remediate them.
Attest to the state of the security controls to external entities (Audit, Risk & Regulatory, etc.) Occasionally serve as product advisors to the business when interfacing with various government regulators.
* Must have deep knowledge of the HTTP protocol stack (including SSL), proxies and how they interact
* Must have strong networking knowledge, including being able to intelligently discuss various strategies around transit, filtering and how to best route information across multiple disparate networks.
* Must be a subject matter expert in the fields of Cloud & Web Security and can recommend industry best practices to securing browsing infrastructure.
* Must have experience managing staff, ideally in different timezones.
* Must have advanced understanding of a variety of antimalware controls such as NIDS, Behavioural Anomaly Detection, Shadow IT, Sandboxing, etc
* Light to moderate Linux Experience; must know at least standard userland roles and tasks
* Expert knowledge of web security concepts and cyber attack vectors covering network through application layers
NEED TO HAVE
* Profoundly deep web security knowledge; must be able to intimately understand and describe what happens ?under the hood? when a user browses a website.
* Must understand security implications of web configurations and environments and be able to speak as an authority about Web Security Architecture.
* Must have a ?Defense in Depth? mindset, able to articulate how a threat can make its way from a webserver to a desktop, what infrastructure the flow would traverse and what strategies and technologies could be implemented to mitigate against it.
* API understanding, documentation and programmatic manipulation for large Cloud providers
* Must have operational experience with proxy infrastructures
* Knowledge of Data Protection Practices (Data At Rest, In Use, In Motion, etc) and their practical implementations
NICE TO HAVE
* Be able to translate risk/legal/regulatory language into discrete technical requirements.
* Cloud security architecture knowledge and experience
* Splunk knowledge is an advantage
* Programming/Scripting languages: Python, Ruby, Angular JS
* Experience working with DevOps/Agile teams
* Bluecoat/Symantec Proxy and AV suites