Director, Lead Cybersecurity Ops

Morgan Stanley | Baltimore, MD
3d | $140,000 - $150,000 | Hybrid

About The Position

Morgan Stanley Services Group, Inc. seeks a Director, Lead Cybersecurity Ops in Baltimore, MD. Analyze and respond to security alerts from the Security Incident Event Management (SIEM) system. Conduct in-depth root cause analysis and collaborate with security engineering teams to prevent and mitigate cybersecurity incidents. Manage the queue of security events for the team and assist with priority-based assignments and trend analysis of events. Provide CIRT shift and on-call coverage for the North America region. Research cyber threat actor tactics and techniques. Create and onboard detection rules based on tooling and logging capabilities to counteract threat actors. Create playbooks and conduct continuous review of these detections for tuning and false positive reduction. Train and mentor fellow team members. Telecommuting permitted up to 2 days per week.

Salary: Salary range for the position: $140,000 - $150,000/Yr. The successful candidate may be eligible for an annual discretionary incentive compensation award. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which also may include a discretionary bonus component.

Morgan Stanley offers a full spectrum of benefits, including Medical, Prescription Drug, Dental, Vision, Health Savings Account, Dependent Day Care Savings Account, Life Insurance, Disability and Other Insurance Plans, Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and 20 Vacation Days annually), 10 Paid Holidays, 401(k), and Short/Long Term Disability, in addition to other special perks reserved for our employees. Please visit mybenefits.morganstanley.com to learn more about our benefit offerings.

Requirements

  • Requires a Bachelor’s in Computer Engineering, Computer Science, or a related field and five (5) years of experience in the position offered or five (5) years as a Senior Manager, Manager, Information Security Engineer or a related technical occupation.
  • Requires five (5) years of experience with: Cyber Incident Response; Security Orchestration Automation and Response (SOAR); Network Security Monitoring; Network Traffic Analysis; Threat Hunting; Endpoint Detection and Response (EDR); Malware Analysis; Technical Writing; Incident Reporting; Vulnerability Management; Open Source Intelligence (OSINT); Computer Forensics; Network Forensics; Public Cloud Security including: Microsoft Azure, Amazon Web Services (AWS), Google Compute Platform; and Technologies and tooling including: Splunk, Kubernetes, Python, AWS GuardDuty, Microsoft Defender for Office 365, Microsoft Defender XDR, CrowdStrike, Tanium, Sysmon, and Axiom.

Responsibilities

  • Analyze and respond to security alerts from the Security Incident Event Management (SIEM) system.
  • Conduct in-depth root cause analysis and collaborate with security engineering teams to prevent and mitigate cybersecurity incidents.
  • Manage the queue of security events for the team and assist with priority-based assignments and trend analysis of events.
  • Provide CIRT shift and on-call coverage for the North America region.
  • Research cyber threat actor tactics and techniques.
  • Create and onboard detection rules based on tooling and logging capabilities to counteract threat actors.
  • Create playbooks and conduct continuous review of these detections for tuning and false positive reduction.
  • Train and mentor fellow team members.

Benefits

  • Medical
  • Prescription Drug
  • Dental
  • Vision
  • Health Savings Account
  • Dependent Day Care Savings Account
  • Life Insurance
  • Disability and Other Insurance Plans
  • Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and 20 Vacation Days annually)
  • 10 Paid Holidays
  • 401(k)
  • Short/Long Term Disability