Senior Cybersecurity Automation Engineer (Dir, P3)

Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 41 countries.

As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, and dedicated team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives, and needs is an important part of our culture.

Department Profile

The mission of the Cyber Data Risk and Resilience division is to ensure the Firm manages its global businesses and serves clients on a market-leading technology platform that is resilient, safe, efficient, smart, fast, and flexible.

The Cyber Incident Response Team (CIRT) is part of the Cyber Data Risk and Resilience division and manages the incident response capability to support day-to-day cross-enterprise event investigations and strategic input into security controls and countermeasures to proactively create better security for the Firm. The group's vision is to deliver programs that protect and enable the business, ensure secure delivery of services to clients, adjust to address the risks presented by an evolving threat landscape, and meet regulatory expectations.

Team Profile

Morgan Stanley is seeking a Senior Cyber Automation Engineer to join the Firm's Cyber Incident Response Team (CIRT). Global CIRT is a 24/7 operation with members in key geographical locations performing incident response and remediation, campaign assessments, network and host-based forensics.

What You will do in the role:

• Develop, implement, and maintain automated playbooks and workflows in the SOAR platform to streamline SOC operations.

• Integrate the SOAR with various security tools (SIEM, EDR, Email, etc.) using APIs and custom connectors.

• Automate incident triage, investigation, and response processes to reduce manual effort and improve response times.

• Collaborate with analysts and leadership to identify automation opportunities and optimize security operations.

• Maintain up-to-date knowledge of the threat landscape, security technologies and best practices.

• Build, tune, and maintain SOC detections within the SIEM, leveraging scripting and automation to ensure accurate and efficient threat detection.

• Document automation processes, playbooks, and integrations for knowledge sharing and compliance.

What You will bring to the role:

Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques, and procedures of attackers. This role requires a detail-oriented critical thinker who can anticipate issues and solve problems.

• 3+ years of experience in developing, implementing, and maintaining automated workflows, and playbooks with SOAR platforms.

• Advanced proficiency in scripting languages such as Python, PowerShell, and Bash for security automation and integration.

• Experience integrating SOAR platforms with various security tools (SIEM, EDR, etc.) using APIs and custom connectors.

• Ability to design, document and optimize automated processes and playbooks for SOC workflow.

• Strong understanding of security operations concepts, triage and investigation, including event management, log collection, and workflow orchestration.

• Excellent written and verbal communication skills for documenting automation processes and collaborating with SOC team members.

• Experience working in a collaborative environment to identify automation opportunities and implement solutions.

• Hands-on experience building, tuning, and maintaining SOC detections within SIEM platforms.

Desired skills:

• Hands-on experience with SOAR platform administration and customization (e.g., developing custom integrations, connectors, and modules)

• Familiarity with SIEM technologies, especially in relation to automation and orchestration.

• Possesses knowledge or experience as a member of a cyber security team, enabling the identification of key focus areas.

• Experience with security product assessments and automation of product evaluation workflows.

• Experience working with LLM models.

• Industry certifications related to automation, scripting, or SOAR platforms (e.g., GCIH, GNFA, GREM, or similar).

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years.  Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Salary range for the position $65000 to $125,000 per year. The successful candidate may be eligible for an annual discretionary incentive compensation award. The successful candidate may be eligible to participate in the relevant business unit’s incentive compensation plan, which also may include a discretionary bonus component. Morgan Stanley offers a full spectrum of benefits, including Medical, Prescription Drug, Dental, Vision, Health Savings Account, Dependent Day Care Savings Account, Life Insurance, Disability and Other Insurance Plans, Paid Time Off (including Sick Leave consistent with state and local law, Parental Leave and X Vacation Days annually), 10 Paid Holidays, 401(k), and Short/Long Term Disability, in addition to other special perks reserved for our employees. Please visit mybenefits.morganstanley.com to learn more about our benefit offerings.

Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background.  Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents.

Our workforce reflects a broad cross-section of the global communities in which we operate, bringing a variety of backgrounds, talents, perspectives, and experiences.

For more information, please visit: https://www.morganstanley.com/people-opportunities/eeo.