VP , P5, Prin Cybersecurity Ops : Job Level - Vice President

Morgan Stanley

About The Position

SIEM Engineer Technology works as a strategic partner with Morgan Stanley business units and the world's leading technology companies to redefine how we do business in ever more global, complex, and dynamic financial markets. Morgan Stanley's sizeable investment in technology results in quantitative trading systems, cutting-edge modelling and simulation software, comprehensive risk and security systems, and robust client-relationship capabilities, plus the worldwide infrastructure that forms the backbone of these systems and tools. Our insights, our applications and infrastructure give a competitive edge to clients' businesses and to our own. Position Overview Cyber Response Platforms is looking for an experienced (15+ years) cyber-security professional to join their team as a local SIEM lead. Our ideal candidate has hands-on experience in computer network defence working either in a Security Operations Center or Cyber Incident Response Team. What you'll do in the role > Supervise and govern the development of analytics in Splunk (SPL) or Elastic Search (EQL) to detect actionable security alerts > Develop and fine-tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats > Create comprehensive security metrics, reports, dashboards, providing detailed insights into the organization's security posture > Ensure that the SIEM solution complies with global regulatory standards and industry best practices > Mentor and guide SIEM engineers, fostering a culture of continuous learning and development within the team > Participate in the development of the organization's security strategy and contribute to its execution > Monitor and support SIEM platforms to ensure security and stability of SOC infrastructure Additional Leadership Responsibilities > Provide day-to-day leadership and oversight for the SIEM engineering team, ensuring alignment with strategic goals and operational priorities > Facilitate regular team standups, retrospectives, and planning sessions to promote transparency and accountability > Coach team members on technical and professional growth, offering constructive feedback and career development support > Champion a collaborative and inclusive team culture that encourages innovation, ownership, and continuous improvement > Identify and address skill gaps through targeted training, mentoring, and knowledge-sharing initiatives > Act as a point of escalation for technical challenges and team dynamics, resolving issues with empathy and decisiveness > Collaborate with cross-functional teams to ensure seamless integration of SIEM capabilities into broader cyber response workflows

Requirements

Minimum of 15 years of experience in cyber detection engineering or incident response
Experience in the creation and management of detection logic in SIEMs (e.g Elastic Search, Splunk, ArcSight, Microsoft Sentinel). Experience in transitioning between SIEMs.
Experience with SIEM rule tuning, correlation logic, alert de-duplication and false-positive reduction techniques
Experience developing automations in SOAR (e.g. Palo Alto XSOAR, SumoLogic, Swimlane)
Strong hands-on experience with a query language (e.g Splunk's SPL or Elastic's EQL, SQL)
Strong understanding of network security, endpoint detection and computer forensics
Strong knowledge of exploitation techniques (e.g. MITRE) and use-case development
Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP)
Highly experienced with Unix/Linux command-line tools and shell scripting
Experience within the application of Indicators of Compromise (e.g. YARA rules, STIX and TAXII)
Experience with streaming data frameworks (e.g. Kafka, NiFi, Spark)
Experience with CI/CD technology (e.g Jenkins, GitLab CI, GitHub Actions)
Experience in the administration of systems (e.g. servers, desktops) or security controls (AV, Endpoint, IDS)
Intermediate experience developing scripts in Python
Strong communication, task management and organizational skills

Responsibilities

Supervise and govern the development of analytics in Splunk (SPL) or Elastic Search (EQL) to detect actionable security alerts
Develop and fine-tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats
Create comprehensive security metrics, reports, dashboards, providing detailed insights into the organization's security posture
Ensure that the SIEM solution complies with global regulatory standards and industry best practices
Mentor and guide SIEM engineers, fostering a culture of continuous learning and development within the team
Participate in the development of the organization's security strategy and contribute to its execution
Monitor and support SIEM platforms to ensure security and stability of SOC infrastructure
Provide day-to-day leadership and oversight for the SIEM engineering team, ensuring alignment with strategic goals and operational priorities
Facilitate regular team standups, retrospectives, and planning sessions to promote transparency and accountability
Coach team members on technical and professional growth, offering constructive feedback and career development support
Champion a collaborative and inclusive team culture that encourages innovation, ownership, and continuous improvement
Identify and address skill gaps through targeted training, mentoring, and knowledge-sharing initiatives
Act as a point of escalation for technical challenges and team dynamics, resolving issues with empathy and decisiveness
Collaborate with cross-functional teams to ensure seamless integration of SIEM capabilities into broader cyber response workflows