Security Architect

The ideal candidate will have strong institutional knowledge, deep technical application security experience, penetration testing, as well as management experience.

This role is part of a global Security Design team. The team will perform security assessments and security deep dives of a wide range of applications used within Morgan Stanley such internally developed systems and vendor platforms. The team partners with application and application infrastructure developers as well as business owners.

The ideal candidate will be able to identify technical control gaps through architecture assessments and hands-on security testing as well as providing detailed remediation guidance to developers. The ideal candidate will also be able to explain to business owners, the risk to the business introduced by the identified control gaps.

The ideal candidate will be able to technically mentor members of this team and build partnerships with developers and engineers.

The successful candidate will be responsible for the quality of the security assessments as well as the team's throughput.

This team works with all Technology divisions and all lines of businesses within Morgan Stanley.

This team will perform security assessments on a very diverse technology stack: i.e. from agentic AI systems and foundational models to internet facing web applications, internal thick clients, iOS and Android applications.

Specific role responsibilities include:
> Threat model emerging technologies related to Generative AI such as Retrieval Augmented Generation, Agent Orchestration, and others
> Define security guidance in collaboration with other stakeholders to minimize the risks associated with these emerging technologies
> Develop patterns to increase the efficiency of the Security Design function
> Identify potential risk in existing platforms and applications with a high risk potential
> Conduct Deep Dive engagements participating throughout the engagement life cycle including planning, architecture analysis, security testing, and risk remediation
> Identify technical control gaps and review security requirements set to remediate identified risks.
> Provide technical security training to the team.
> Ensure that the quality of the security assessments is consistent and meets the objectives.
> Ensure that the throughput of the team meets the objectives.
> Provide architectural and implementation guidance to ensure developers follow security best practices.
> Communicate to the IT System Owners technical details on technical control gaps and provide attack scenarios relevant to the risks identified.
> Communicate to the IT System Owner detailed remediation guidance.
> Articulate risks introduced by technical control gaps to the application's Business Owner.
> Act as the local escalation point for developers and management engaging with the team.
> Peer review security assessments. Security Experience

> Application security expertise.
> Ability to explain common application vulnerabilities and detailed remediation strategies to developers.
> Ability to explain technology risks introduced by application vulnerabilities to a system's Business Owner.
> Ability to provide security training to developers.
> Penetration testing experience would be a plus.


Soft Skills:

> Strong interpersonal skills are critical, since the role involves working with developers and executives around the world.
> Ability to multi-task and handle multiple projects.
> Strong oral and written communication skills.
> Thirst for technical knowledge.

Development

> The ideal candidate will have experience in designing and implementing enterprise applications.
> The ideal candidate will have experience with several practical programming languages and technologies such as Python, Java, MCP/A2A protocols, etc.

Educational Requirements

Bachelor Degree in Computer Science, Software Engineering, or equivalent with minimum five years relevant work experience in high-paced, enterprise environment.

Additional
> Technology background in Financial Services.
> N-Tier application design and implementation, particularly web-based applications that cross company boundaries.
> Programming experience.
> Track record of executing and leading penetration tests.
> Track record of providing security training to developers.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 89 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Certified Persons Regulatory Requirements:
If this role is deemed a Certified role and may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement
Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.