Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's 55,000 employees, located in 1,200 offices across 43 countries, serve clients including corporations, governments, and individuals. As a market leader, the talent and passion of our people is critical to our success. Together, we share a common set of values rooted in integrity, excellence, a strong team ethic and giving back to our communities. Morgan Stanley provides a superior foundation for building a professional career - a place for people to learn, achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.
Cyber, Data, Risk and Resilience
The Cyber, Data, Risk and Resilience (CDRR) division provides first-line defenses for information and cyber security, fraud, resilience, response and recovery, and technology risk and controls. The organization also includes Morgan Stanley’s Firmwide Data Office, International Technology offices, and the Non-Financial Risk Technology organization.
Threat Hunt and Cyber Detection
Threat Hunt and Cyber Detection (THCD) is looking for a talented individual to join our global team. The THCD mission is to seek out attacks against the Morgan Stanley network, to engineer detection strategies, and to reduce risk to Morgan Stanley assets.
The Cyber Threat Intelligence team is seeking an innovative self-starter to join our team in Singapore. CTI's Intelligence Engineer will build threat-centric analytic capabilities and automated data flows to empower CTI analysts to efficiently produce contextualized and actionable threat intelligence. The engineer will identify opportunities for efficiency in automation and develop tooling solutions that support all phases of the Intelligence Lifecycle and allow analysts to operate at scale.
The CTI Engineer will interface with diverse cybersecurity stakeholders to build and improve data processing pipelines.
Primary Duties:
- Design, develop, and improve systems for collecting, storing, processing, and analyzing raw data to produce actionable Threat Intelligence.
- Evaluate and analyze new data sources and APIs and adapt them for automating operations.
- Learn and integrate in-house analysis systems with automated workflows.
- Continuously develop and maintain CTI's Threat Intelligence Platform (TIP).
- Automate manual processes to enable CTI analysts and their efforts.
- Optimize data processing and analysis pipelines for Threat Intelligence.
- Analyze and translate complex problems and requirements into workable designs and solutions.
- Partner with other development teams and stakeholders to communicate technical specifications and identify opportunities for optimizing data analysis pipelines.
- Participate in calls and presentations to communicate technical concepts and specifications to audiences of all levels.
- Update and maintain documentation relevant to the implemented automation workflows.
- Action requests (RFIs) from partner teams that require development support (such as performing data extraction/analysis via programming/scripting).
- Provide ad-hoc support for scaling technical analysis/investigations via scripting and automated implementations.
Must Have:
- At least 1 year of experience in a Cyber Security field such as Security Operations, Threat Intelligence, DFIR etc.
- At least 1 year of experience building automation solutions using Python.
- Familiarity with threat intelligence or security-focused data analysis and/or network traffic analysis (network/endpoint log analysis, IOC analysis, malware analysis etc.).
- Other Skills:
- [Preferred] Knowledge of key cybersecurity frameworks – MITRE ATT&CK, STIX/TAXII, Diamond Model etc.
- [Preferred] Experience with software development practices such as Object-Oriented Programming (OOP) and debugging.
- [Preferred] Knowledge of modern distributed systems architecture (Kubernetes, Docker, Containerization etc.).
- [Preferred] Knowledge of vendor and open-source security research APIs.
- Excellent written and verbal communication skills, and experience working across multiple stakeholders.
- Comfortable working in a geographically distributed team setting.