Security Analyst

Morgan Stanley
North Lanarkshire
31 Aug 2017
28 Sep 2017
Contract Type: Full Time
Company Profile
Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments and individuals from more than 1,200 offices in 43 countries.
As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence and strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Department Profile
The mission of the Global Technology division is to provide a highly reliable and commercial technology platform, which supports the Firm's strategy, delivered by an innovative, world-class team of professionals. There are ten divisions within Technology.
Technology & Information Risk (TIR) is part of the Global Technology and Data organization and manages operational and technology-related risks on behalf of the Firm. The group's key principles are to provide proactive, comprehensive and consistent risk management, to enable the execution of the Firm's strategy.
TIR's mandate is to enable the Firm to manage its technology and data-related risks through implementing proactive, comprehensive and consistent risk management practices across the Firm to protect the franchise while capturing business opportunities. The TIR team partners with the business by ensuring that Technology and Data understands how to manage, escalate and monitor risk.
Team Profile
Morgan Stanley is looking for a Security Analyst to join the firm's Computer Security Incident Response Team (CSIRT). Security Analysts are responsible for detecting, investigating and responding to incidents. The global CSIRT is a 24/7 operation with members in key geographical locations. Security Analysts work core hours in their region with an on-call rota for critical incidents.

Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques and procedures of attackers. This role requires a detail-oriented, critical thinker who can anticipate issues and solve problems. Experience in a similar operational environment is desirable but not essential.
Primary Responsibilities
- Investigate cyber security incidents and threats
- Interact with stakeholders and leadership teams as part of the response efforts
- Improve the detection, escalation, containment and resolution of incidents
- Enhance existing incident response methods, tools, and processes
- Maintain knowledge of technologies and the threat landscape
- Assist during non-core business hours during an emergency, critical or large-scale incident
- Responsible for incident analysis, response and extraction of IOCs
- Responsible for analysis based on L2/3 issue identification
- Correlate and analyse relevant events from host and network device log files
- Determine the extent of the compromise, attributes of any malware and possible data exfiltrated
- Research and incorporate relevant threat intelligence during the investigation and in written and verbal reports
- Basic malware analysis for triage purposes.

Skills required (essential)
- Able to develop analytics in Splunk or Spark/Hadoop
- Scripting skills (Python)
- Experience with security products and technologies, especially related to event and incident handling (e.g., SIEM, HIDS/NIDS, AV)
- Subject matter expert in one or multiple areas such as Windows, Unix, firewalls, intrusion detection, or computer forensics
- Understand the totality of a threat across multiple technologies and think like an adversary
- Detailed technical understanding of security incidents and alerts
- Excellent writing and presentation skills are required in order to communicate findings and recommendations and provide status on ongoing investigations
- Sound understanding of TCP/IP and networking concepts
- Experience of tearing apart a piece of malware to understand attack vector and purpose
- Ability to build mitigations to defend against network based threats.

Skills desired
- Response workflow development and automation
- Industry certifications: GCIH, GREM or other related SANS certifications
- Penetration testing and/or forensics experience
- Experience of an operational environment such as a SOC or CSIRT
- Experience of incident handling

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximise their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.