Vulnerability Mitigation Specialist (Hybrid)

Morgan Stanley, Montreal, QC
Hybrid

About The Position

We’re seeking someone to join our team as a Vulnerability Mitigation Specialist to identify, validate, and mitigate vulnerabilities across systems, with a focus on reducing false positives in vulnerability scans. You’ll bring an offensive security mindset and work collaboratively with technology teams to support effective remediation and mitigation efforts. In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Cyber Security Engineering III position at Director level, which is part of the job family responsible for providing specialist cyber expertise and creating solutions that protect the organization's systems and networks against actual and potential security threats and vulnerabilities. Since 1935, Morgan Stanley has been known as a global leader in financial services, always evolving and innovating to better serve our clients and our communities in more than 40 countries around the world. Interested in joining a team that’s eager to create, innovate and make an impact on the world? Read on…

Requirements

  • Deep understanding of the concept of a threat across multiple technologies and strong offensive security mindset.
  • At least 4 years of experience in a highly technical offensive security role such as penetration testing.
  • At least 4 years of substantive experience with two or more of the following over the course of a career:
  • Performing security assessments or penetration tests against IaaS and PaaS solutions with a focus on AWS and Microsoft Azure.
  • Developing embedded script payloads (VBA Macros, JavaScript) tailored to evade endpoint and file-based security controls.
  • Developing shellcode payloads.
  • Developing exploits or exploit techniques.
  • Identifying and exploiting web stacks via SQLi, XSS, and CSRF techniques.
  • Performing RESTful web services penetration testing.
  • Performing API security assessments.
  • Maintaining attack simulation and C2 infrastructure.
  • Executing security assessments against financial technology systems and infrastructure.
  • Understanding of modern Windows internals or Linux internals.
  • Proficient in using vulnerability scanning tools (e.g., Qualys, Tenable).
  • Hands-on experience managing vulnerabilities in large-scale environments.
  • In-depth understanding of system architecture, patch management, and configuration management.
  • Excellent writing and presentation skills are required in order to communicate findings and recommendations.
  • Knowledge of French and English is required.

Nice To Haves

  • Scripting (Python, BASH, Perl, or PowerShell), coding or other development experience.
  • Experience in Splunk usage or administration.
  • Knowledge of OWASP Top 10 and MITRE ATT&CK.
  • Professional experience on cyber security teams in the financial industry highly desired.
  • Knowledge of how Blue Teams implement SOAR technologies and response automation.
  • Offensive Security Certifications (OSCP, OSCE, OSWE).

Responsibilities

  • Review vulnerabilities identified through automated scanning capabilities for validation and proposed mitigations.
  • Provide recommendations and implement solutions to address any identified vulnerabilities or weaknesses.
  • Perform validation testing to ascertain effectiveness of any applied mitigations.
  • Maintain knowledge of technologies and the threat landscape.
  • Assist during non-core business hours during an emergency, critical or large-scale incident.

Benefits

  • Ample opportunity to move across the businesses for those who show passion and grit in their work.
  • Ample opportunity to move about the business for those who show passion and grit in their work.