Security Engineer

Your Team Responsibilities

 MSCI is building a world-class information security and IT risk program.  We are moving beyond industry best practices and charting a path towards automation and resilience.  Our cyber team has met its Board-driven obligations against the NIST cybersecurity framework, and we have achieved certifications against ISO 27001:2022, SOC1, SOC2, SOX and other control sets.  Our strategy now focuses on attack simulation to improve our defensive and detection capabilities.    

Over time, we expect the cyber and IT risk regulatory environment to increase in its complexity and rigor. We also expect that cyber threat actors will get more sophisticated.  This role will help to shape and drive our approach towards these risks, which supports the broader business growth strategy of the firm by building trust with our clients. 

This role involves working as a member of the Security Engineering team on key and strategic projects to strengthen our defensive controls. Since we are also simultaneously building new detection capabilities alongside these new defensive controls, we expect candidates to work in close collaboration with our Security Operations team – hence we highly value strong communication and teamwork.  

Successful candidates will have the opportunity to work with different businesses and other departments across MSCI. A candidate Security Engineer will work across architecture, governance, business and technology groups to advise and build security solutions to improve our posture and reduce risk to the firm and our clients.

Your Key Responsibilities

• Support the overall cyber strategy of the firm (using MITRE ATT&CK and D3FEND to improve defensive and detection controls) to address cyber threats. 

• Implement enterprise-grade controls to address cyber risks. 

• Use existing tools to identify and analyze security risks and control gaps. 

• Make recommendations to senior management on how to obtain more value from existing tools and how to reduce risk in an efficient manner. 

• Advise internal application development (DevOps) stakeholders on how to rebuild applications “from scratch”, assuming a worst-case cyber scenario. 

• Support occasional client and auditor requests for control evidence in areas where you are a subject matter expert. 

• At times, serve as an internal consultant for matters involving security engineering. 

• Create design documents, implementation guides and other relevant documentation. 

Your skills and experience that will help you excel

• Be able to constructively influence partners across the organization to accomplish tasks.  

• Be an organized and thoughtful communicator.  

• Have a focus on team building and collaboration; we do not want siloed workers. 

• Have a strong foundation of IT skills (operating systems, database, network, etc.)  

• Have experience working with software developers and familiarity with modern software development practices.  

• Have a strong grasp of the MITRE ATT&CK framework.  

• Have prior experience working in a security operations, engineering, or architecture role.  

• Be fluent in scripting languages to collect / analyze data and build reporting dashboards.  

• Hands-on experience with Linux and Windows operating systems. 

• Experience building new controls and ensuring that they are effective and sustainable. 

• Knowledge of major cloud providers and Kubernetes architectures.  

• Certifications in cloud infrastructure, cybersecurity, Linux OS are all helpful to demonstrate your knowledge. 

• At least 4 years of relevant experience. 

About MSCI

What we offer you

• Transparent compensation schemes and comprehensive employee benefits, tailored to your location, ensuring your financial security, health, and overall wellbeing.

• Flexible working arrangements, advanced technology, and collaborative workspaces.

• A culture of high performance and innovation where we experiment with new ideas and take responsibility for achieving results.

• A global network of talented colleagues, who inspire, support, and share their expertise to innovate and deliver for our clients.

• Global Orientation program to kickstart your journey, followed by access to our Learning@MSCI platform, LinkedIn Learning Pro and tailored learning opportunities for ongoing skills development.

• Multi-directional career paths that offer professional growth and development through new challenges, internal mobility and expanded roles.

• We actively nurture an environment that builds a sense of inclusion belonging and connection, including eight Employee Resource Groups. All Abilities, Asian Support Network, Black Leadership Network, Climate Action Network, Hola! MSCI, Pride & Allies, Women in Tech, and Women’s Leadership Forum.

At MSCI we are passionate about what we do, and we are inspired by our purpose – to power better investment decisions. You’ll be part of an industry-leading network of creative, curious, and entrepreneurial pioneers. This is a space where you can challenge yourself, set new standards and perform beyond expectations for yourself, our clients, and our industry.

MSCI is a leading provider of critical decision support tools and services for the global investment community. With over 50 years of expertise in research, data, and technology, we power better investment decisions by enabling clients to understand and analyze key drivers of risk and return and confidently build more effective portfolios. We create industry-leading research-enhanced solutions that clients use to gain insight into and improve transparency across the investment process.

MSCI Inc. is an equal opportunity employer. It is the policy of the firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, gender, gender identity, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy (including unlawful discrimination on the basis of a legally protected parental leave), veteran status, or any other characteristic protected by law. MSCI is also committed to working with and providing reasonable accommodations to individuals with disabilities. If you are an individual with a disability and would like to request a reasonable accommodation for any part of the application process, please email Disability.Assistance@msci.com and indicate the specifics of the assistance needed. Please note, this e-mail is intended only for individuals who are requesting a reasonable workplace accommodation; it is not intended for other inquiries.

To all recruitment agencies

MSCI does not accept unsolicited CVs/Resumes. Please do not forward CVs/Resumes to any MSCI employee, location, or website. MSCI is not responsible for any fees related to unsolicited CVs/Resumes.

Note on recruitment scams

We are aware of recruitment scams where fraudsters impersonating MSCI personnel may try and elicit personal information from job seekers. Read our full note on careers.msci.com