Web Application Security Specialist, Dir, P3

About The Position

Requirements

• At least 4 years' relevant experience in a similar role.
• Web Network Security, with a focus on Web Application Firewalls/Controls, and their role in layered Defense in Depth
• Experience with Akamai or equivalent platform(s): Radware, Imperva, Shape Security, CloudFlare, etc
• Experience with onboarding web services into WAF (Akamai, Shape, etc) platforms and the lifecycle of monitor to mitigation modes
• Ability to process information, translate into plans and present summaries to stakeholders.
• Experienced understanding of business line and discipline.
• Strong analytical and problem solving skills, detail oriented, and well organized
• Ability to cultivate strong relationships with application owners, demonstrated written and verbal communication skills
• Periodically assist with vulnerabilities discovered via these platforms
• Work with relevant teams to implement best web security practices and assist with enhancing the Firm's security posture. Strong collaboration skills across multiple teams will be required.
• Understanding of ITIL processes

Responsibilities

• Contribute to the function through complex project tasks and initiatives.
• Interact regularly with team members and occasionally leadership on a range of topics.
• Work with and guide global tech functions to onboard internet facing web apps to WAF.
• Review logs, implement tuning, web blocking etc. for onboarded applications.
• Mapping of IP addresses / FQDNs to services and applications (BA)
• Liaising with service owners and / or associated teams to gather relevant application data for WAF migration purposes (BA)
• Analyzing web behavior and performance to establish acceptable application thresholds (SME)
• Performing policy tuning in accordance with performance baseline (SME)
• Transitioning WAF from transparent to enforcement mode (SME)
• Data cleansing and validation
• Participate in proof of concepts for new security capabilities.
• Change management: Prepare, document, implement and verify changes including communicate changes to end-users and other impacted parties.
• Incident, Problem management: Conduct Root Cause Analysis (RCA), respond to incidents and participate in postmortem analysis.
• Participate in on-call rotation.

Benefits

• Morgan Stanley offers a full spectrum of benefits, including Medical, Prescription Drug, Dental, Vision, Health Savings Account, Dependent Day Care Savings Account, Life Insurance, Disability and Other Insurance Plans, Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and X Vacation Days annually), 10 Paid Holidays, 401(k), and Short/Long Term Disability, in addition to other special perks reserved for our employees. Please visit mybenefits.morganstanley.com to learn more about our benefit offerings.