Web Security Specialist

Profile Description
We are seeking to add an experienced Web Security subject matter expert to join our Web Security Operations team in India. The team is responsible for the day-to-day operations, security, and health of Morgan Stanley's Proxy infrastructure on which thousands of web applications run. The specialist will act as a subject matter expert for web security, handle operational escalations from our L2 teams, respond to incident management notifications, as well as in delivering robust, effective solutions covering our internet perimeter and external content delivery network providers.

CDRR_Technology
The Cybersecurity organization's mission is to create an agile, adaptable organization with the skills and expertise needed to defend against increasingly sophisticated adversaries. This will be achieved by maintaining sound capabilities to identify and protect our assets, proactively assessing threats and vulnerabilities and detecting events, ensuring resiliency through our ability to respond to and recover from incidents and building awareness and increase vigilance while continually developing our cyber workforce.

Cyber
The Cybersecurity organization's mission is to create an agile, adaptable organization with the skills and expertise needed to defend against increasingly sophisticated adversaries. This will be achieved by maintaining sound capabilities to identify and protect our assets, proactively assessing threats and vulnerabilities and detecting events, ensuring resiliency through our ability to respond to and recover from incidents and building awareness and increase vigilance while continually developing our cyber workforce.

Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

At Morgan Stanley India, we support the Firm's global businesses, with critical presence across Institutional Securities, Wealth Management, and Investment management, as well as in the Firm's infrastructure functions of Technology, Operations, Finance, Risk Management, Legal and Corporate & Enterprise Services. Morgan Stanley has been rooted in India since 1993, with campuses in both Mumbai and Bengaluru. We empower our multi-faceted and talented teams to advance their careers and make a global impact on the business. For those who show passion and grit in their work, there's ample opportunity to move across the businesses for those who show passion and grit in their work.

Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on…

Responsibilities
What you'll do in the role:

Provide Level 3 Operations support for a global perimeter Web proxy and Web security enterprise infrastructure

Maintain Web security infrastructure, providing stability by developing tools, policies, processes and procedures for the operations teams

Lead projects, analyze and prioritize workload based on business risk and requirements.

Take ownership of incidents, problems, follow-up actions and manage to resolution

Plan, review production changes following firm Change Management process and procedure.

Provide Web Security consultancy services to other internal Technology teams.

Provides architecture assurance on Web Security initiatives.

Establish effective working relationships with Engineering counterparts and other stakeholders operating in the Web Security space

Provide a secure environment, by implementing controls to manage and mitigate risks.

Develop automated metrics reporting capabilities

Create, review, maintain and update documentation including Documenting & Publishing fixes in our central knowledge base

Work with global colleagues to provide globally consistent processes and solutions

Investigate & Troubleshoot root causes when escalated from operations

Escalate and liaise with additional internal/external groups when required

Input into Business Continuity Planning and Practices

Integration and testing, and deployment of Web Proxy technologies with leading network DLP or Malware scanning solutions

Collaborating with leads responsible for web and application servers, load-balancers and web authentication infrastructure

Working with colleague subject matter experts in the wider organization who administer networks, logging, application architecture and other complementary technologies

Drive determination and implementation of security best practice in our web platforms and infrastructure

Research into vendor and open source solutions in the web security space, and determination of their place in our overall solution

Interfacing with technical contacts at external vendor providers and other internal teams to ensure a holistic solution is delivered and enhanced

Followup the sun support model and able to pick up oncall roster and support over weekend

Training operations L2 personnel, application support groups in tools, technologies and procedure Skills Set

• Moderate-Advance direct experience with ZScaler Cloud Proxy technologies (SASE, SSE)

Netskope, Fortinet, ZScaler, ZPA, SSLi, Cloud DLP, Cloud Sandboxing

• Moderate-Advanced proxy experience required including engineering of flows via proxy and client access for troubleshooting; Bluecoat ProxySG Appliance experience preferred.
• Must know how to integrate external services with proxies via ICAP, proxy chaining, and service offloads.
• Moderate cloud security experience across at least a couple of the more cloud providers (Azure, O365, AWS, etc.)
• Excellent understanding and experience designing and implementing Web security solutions.
• Good understanding on Web Proxy infrastructure serving various application layer protocols such as HTTP/HTTPs/SOCKS/FTP/ICAP
• Scripting and Development Skills (Perl, Python or Shell).
• Moderate Linux Sys admin experience.
• Interpersonal Skills - Communication, flexibility, self-driven, team player
• Strong general networking background (Firewalls, Routing, Load Balancing, OSI Model, Packet trace and analysis, etc.)
• Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc. - - Ideal candidate would be able to intelligently dissect all 7 layers of the OSI stack
• Experience working in DMZ environments with good understanding of hardware load-balancing, firewalls, multi-tiered architectures.
• Experience and familiar with SASE solutions, know how to troubleshoot on cloud platforms

Required Skills
What you'll bring to the role:

• Hands-on proxy knowledge; Netskope, Fortinet and Zscaler experience preferred
• Understand Network topology and protocol well and know how to trouble shoot using packet capture, e.g. wireshark
• Hands-on CASB design, architecture and deployment (SkyHigh, Symantec, etc.)
• Programming/Scripting languages: Python, Perl, AngularJS
• Knowledge of Data Protection Practices (data at rest, in use, in motion, etc.) and their practical implementations
• Practical knowledge of web malware, its propagation and mitigation strategies
• CISSP or similar recognized cyber security qualifications
• Experience operating in large, siloed enterprise environments
• Project Management Skills with experience on enterprise projects
• Web and database development skills (HTML, JavaScript, SQL, ETL)
• Web Proxy Netskope/ZScaler or other major web proxy competitor
• Experience within the financial services industry is preferred
• Experience in customer support and experience in interacting with business

What You Can Expect From Morgan Stanley
We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren't just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you'll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There's also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste into your browser.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.