Senior Web Security Engineer

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Lead Cybersecurity Engineering position at Vice President level, which is part of the job family responsible for providing specialist cyber expertise and creating solutions that protect the organization's systems and networks against actual and potential security threats and vulnerabilities.

Since 1935, Morgan Stanley is known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.

We are seeking to add an experienced Web Security / Network Security subject matter expert to join our Web Security Operations. The team is responsible for the day-to-day operations, security, and health of Morgan Stanley's Web Proxy infrastructure on which thousands of web applications run.

The specialist will act as an SME for web security, handle operational escalations from our L2 teams, respond to incident management notifications, as well as in delivering robust, effective solutions covering our internet perimeter and external content delivery network providers.

• Provide Level 3 Operations support for a global perimeter Web proxy and Web security enterprise infrastructure

• Maintain Web security infrastructure, providing stability by developing tools, policies, processes and procedures for the operations teams

• Lead projects, analyze and prioritize workload based on business risk and requirements.

• Take ownership of incidents, problems, follow-up actions and manage to resolution

• Plan, review production changes following firm Change Management process and procedure.

• Provide Web Security consultancy services to other internal Technology teams.

• Provides architecture assurance on Web Security initiatives.

• Establish effective working relationships with Engineering counterparts and other stakeholders operating in the Web Security space

• Provide a secure environment, by implementing controls to manage and mitigate risks.

• Develop automated metrics reporting capabilities

• Create, review, maintain and update documentation including Documenting & Publishing fixes in our central knowledge base

• Work with global colleagues to provide globally consistent processes and solutions

• Investigate & Troubleshoot root causes when escalated from operations

• Escalate and liaise with additional internal/external groups when required

• Input into Business Continuity Planning and Practices

• Integration and testing, and deployment of Web Proxy technologies with leading network DLP or Malware scanning solutions

• Collaborating with leads responsible for web and application servers, load-balancers and web authentication infrastructure

• Working with colleague subject matter experts in the wider organization who administer networks, logging, application architecture and other complementary technologies

• Drive determination and implementation of security best practice in our web platforms and infrastructure

• Research into vendor and open-source solutions in the web security space, and determination of their place in our overall solution

• Interfacing with technical contacts at external vendor providers and other internal teams to ensure a holistic solution is delivered and enhanced

• Training operations L2 personnel, application support groups in tools, technologies and procedures

• Moderate-Advance direct experience with Proxy technologies

• Netskope, Bluecoat, Fortinet, Palo Alto, ZScaler, ZPA, SSLi, Cloud DLP, Cloud Sandboxing

• Moderate-Advanced proxy experience required including engineering of flows via proxy and client access for troubleshooting;
  Netskope, Bluecoat Proxy
  
  SG Appliance, Netskope or Zscaler experience preferred.

• Must know how to integrate external services with proxies via ICAP, proxy chaining, and service offloads.

• Moderate cloud security experience across at least a couple of the more cloud providers (Azure, O365, AWS, etc.)

• Excellent understanding and experience designing and implementing Web security solutions.

• Good understanding on Web Proxy infrastructure serving various application layer protocols such as HTTP/HTTPs/SOCKS/FTP/ICAP

• Scripting and Development Skills (Perl, Python or Shell).

• Moderate Linux Sys admin experience.

• Interpersonal Skills - Communication, flexibility, self-driven, team player

• Strong general networking background (Firewalls, Routing, Load Balancing, OSI Model, Packet trace and analysis, etc.)

• Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc.

• Ideal candidate would be able to intelligently dissect all 7 layers of the OSI stack

• Experience working in DMZ environments with good understanding of hardware load-balancing, firewalls, multi-tiered architectures.

• Experience implementing or maintaining monitoring for network security infrastructure

• 7+ years of relevant…