Morgan Stanley

Lead Application Security Engineer - VP

On site

Glasgow, United Kingdom

Full Time

26-02-2025

Job Specifications

JR000996

Glasgow

Morgan Stanley is looking for a motivated Engineering lead to join the Cybersecurity department, who will be charged with enabling security controls in the CI/CD pipelines by rolling out SAST, SCA or DAST tools, with a significant impact on the development community and on the security posture of the firm’s applications.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs.

Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on.

What You’ll Do

Work with a team of engineers to implement Morgan Stanley-specific security policies in the CI/CD security tools, including but not limited to SAST, DAST and SCA applications.
Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc.
With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.
Support security standards, and create templates and patterns to increase the efficiency and adoption of the security program.
Work with our partners to implement, manage, and optimize security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities.

These Skills Will Help You Succeed In This Role

Bachelor’s degree with 10+ years of work experience in the IT field
3+ years software development experience using Python, Java or JavaScript
3+ years of cumulative experience across the following:
OWASP Secure Coding Practices
Common software and web application security vulnerabilities
Application security scanning tools
Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)

Even Better If You Have

A degree in Cybersecurity or CISSP/CSSLP certification, or a keen desire to move into the security field
Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise
Ability to perform code reviews with minimal assistance
A self-starter, with a strong desire for learning new technologies and applying them to solve problems
Expertise in monitoring, alerting, reporting and data analysis is desired.
Experience with two or more application build environments such as Jenkins, Gradle, Maven.
Familiarity with public cloud services is a plus
Experience with two or more Secure SDLC tools such as GitHub Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz.
Experience with Threat Analysis.
Experience with DevSecOps, Secure SDLC.
Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus
Experience with evaluation, integration and onboarding of application security tools is a plus

What You Can Expect From Morgan Stanley

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values (putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back) that guide our more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration. Our Firm is differentiated by the caliber of our diverse team, while our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world. Learn more about how we put this commitment to action: morganstanley.com/diversity. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry.

We're committed to bringing passion and customer focus to the business.

Certified Persons Regulatory Requirements

If this role is deemed a Certified role, it may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

About the Company

Morgan Stanley (NYSE: MS) is a leading global financial services firm providing a wide range of investment banking, securities, wealth management and investment management services. With offices in 42 countries, our firm's employees serve clients worldwide including corporations, governments, institutions and individuals. We are committed to maintaining the first-class service and high standard of excellence that have always defined the firm and everything we do is guided by our five core values: Do the right thing, put cl...
