This job has expired, please see additional jobs below
Head of Cyber Security Red Team Operations - Executive Director
Morgan Stanley
New York, NY, United States
Job Details - this job has expired, please see similar jobs below
Description
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Technology
Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses—and to our own.
Morgan Stanley seeks a Head of Cyber Security Red Team Operations to establish and lead the firm’s efforts in adopting a system-wide view of threat-driven risks and applying them to the testing of systems and services that the firm delivers. The focus of the team will be to determine where vulnerabilities may exist within the people, processes and technology that enable the firm and then partner with system and service owners to assist in remediation and mitigation activities and the development of defensive controls. The successful candidate will have a proven track record of leading advanced network exploitation operations and application penetration tests, delivering technical leadership for an offensive security team and executing tactical, offensive assessments. Principle duties include:
• Lead red team capabilities for Morgan Stanley, to include building out a long-term strategy and approach for applying offensive strategies and methods to its assurance testing programs
• Develop the program and methodology that shapes how Morgan Stanley approaches this space, to include defining the rules and parameters for ethical hacking of systems, software and networks to identify and mitigate potential vulnerabilities
• Perform scoped and open-ended assessments on internal and external facing systems
• Perform threat and vulnerability research to identify new ways of achieving the program’s mission and act as a source for innovation within the cybersecurity program
Qualifications
Requirements:
• Bachelor’s degree or equivalent in Computer Engineering, Computer Science or a related field of study and at least 7 years of progressively responsible experience performing network and application security assessments and Cyber Red Team operations.
• Prior experience should include: performing application and network penetration tests, vulnerability assessments, infrastructure security reviews for web applications and their supporting network infrastructure and red team assessments that have tested security processes and controls.
• Work collaboratively with a variety of internal and external stakeholders (security consultants, project managers, service managers, development teams, technical SME’s, vendors) to deliver high quality assessments.
• Strong understanding of and experience with:
◦ Networking fundamentals (all OSI layers, protocols, etc.)
◦ Windows/Linux/Unix operating systems
◦ Operating system and software vulnerabilities and exploitation techniques
◦ Web application vulnerabilities and exploitation techniques
◦ Malware packing, obfuscation, persistence, exfiltration techniques
◦ Security technologies such as Firewalls, IDS/IPS, Web Proxies and DLP amongst others
◦ Commercial or open-source offensive security tools for reconnaissance, scanning, exploitation and post-exploitation (e.g. Nmap, Nessus, Metasploit, Burp Suite, etc.)
◦ Developing in house tools / scripts to improve delivery and facilitate testing operations
• Demonstrated leader with team-oriented interpersonal skills, with the ability to interface effectively upper management, IT leadership and technology vendors.
• Ability to collaborate and build positive relationships across multiple stakeholders
• Agile thinking and analysis that leads to win-win and innovative solutions
• Strong written and verbal communication skills.
• Calmness and clarity of thought under pressure and ability to maintain confidentiality.
• Ability to prepare and present project ideas and proposals to senior management
• Understanding of financial sector, or other large organization, security and IT infrastructures