Cyber Incident Response Team Triage Analyst

Posted 2 weeks ago by Morgan Stanley

Negotiable
Undetermined
Onsite
Glasgow, Scotland, United Kingdom

Summary: The Cyber Incident Response Team Triage Analyst role at Morgan Stanley involves monitoring and investigating security incidents as part of a global 24/7 operation. The analyst will engage with stakeholders to enhance incident response processes and ensure the security of the firm's technology platform. This position requires mandatory holiday and weekend shifts, reflecting the critical nature of the role in maintaining cybersecurity resilience. Candidates should possess a strong interest in cybersecurity and relevant technical skills to effectively analyze and respond to threats.

Key Responsibilities:

  • Monitor and triage security events.
  • Investigate cyber security incidents and threats.
  • Interact with stakeholders and leadership teams as part of the response and remediation efforts.
  • Improve the detection, escalation, containment, and resolution of incidents.
  • Enhance existing incident response methods, tools, and processes.
  • Maintain knowledge of technologies and the threat landscape.
  • Support emergency, critical, or large-scale incidents during non-core business hours as required.

Key Skills:

  • Understanding of the end-to-end workflow of a threat across multiple technologies.
  • Sound understanding of TCP/IP and networking concepts, security alerts, and incidents.
  • Excellent writing and presentation skills.
  • Experience with investigating common types of attacks, network packet analysis, log analysis, and reviewing security events.
  • Experience in applying Open-Source Intelligence (OSINT) techniques.
  • Knowledge of Windows processes and Active Directory.
  • Able to work extended hours during incidents.
  • 1+ years' experience with Security Analysis and Incident Response.
  • Subject matter expert in areas such as Windows, Unix, firewalls, and forensics.
  • Scripting or coding experience (Python, BASH, Perl, or PowerShell).
  • In-depth knowledge of security event management and network security monitoring.
  • Splunk usage or administration experience.
  • Security Orchestration, Automation, and Response (SOAR) experience.
  • Industry certifications: GCIH, GNFA, GREM, or related certifications.
  • Financial industry experience.
  • Foundational Cloud Security knowledge.
  • OWASP Top 10 Knowledge.

Salary (Rate): undetermined

City: Glasgow

Country: United Kingdom

Working Arrangements: on-site

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Cyber Incident Response Team Triage Analyst (Contract). Glasgow based: 3 days in the office, with occasional weekend work.

About Morgan Stanley

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. As a market leader, the talent and passion of our people are critical to our success. Together, we share a common set of values rooted in integrity, excellence, and a strong team ethic. We can provide a superior foundation for building a professional career: a place for people to learn, to achieve and to grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

What will you be doing?

The mission of the Cyber Data Risk and Resilience division is to ensure the Firm manages its global businesses and serves clients on a market-leading technology platform that is resilient, safe, efficient, smart, fast, and flexible. The Security Response Team (SRT) is part of the Cyber Data Risk and Resilience division and manages the incident response capability to support day-to-day cross-enterprise event investigations and strategic input into security controls and countermeasures to proactively create better security for the Firm. The group's vision is to deliver programs that protect and enable the business, ensure secure delivery of services to clients, adjust to address the risks presented by an evolving threat landscape, and meet regulatory expectations.

Morgan Stanley is seeking a Triage Analyst (TA) to join the Firm's Cyber Incident Response Team (CIRT). The global CIRT is a 24/7 operation with members in key geographical locations, providing the first point of contact for security-related incidents within the Firm. Its members monitor the Firm's environment for abnormal behavior and potential security breaches. TAs review, triage, and investigate security alerts, and respond to or escalate security incidents. TAs provide 24/7 coverage via a follow-the-sun model.

Primary Responsibilities (Important: holiday and weekend shifts are mandatory; the weekly schedule is adjusted to accommodate this requirement):

  • Monitor and triage security events.
  • Investigate cyber security incidents and threats.
  • Interact with stakeholders and leadership teams as part of the response and remediation efforts.
  • Improve the detection, escalation, containment, and resolution of incidents.
  • Enhance existing incident response methods, tools, and processes.
  • Maintain knowledge of technologies and the threat landscape.
  • Support emergency, critical, or large-scale incidents during non-core business hours as required.

Skills that will help you in the role:

Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques, and procedures of attackers. This role requires a detail-oriented, critical thinker who can anticipate issues and solve problems. Candidates should be able to analyze large datasets to detect underlying patterns and drive an investigation to root cause.

Required Skills:

  • Understand the end-to-end workflow of a threat across multiple technologies.
  • Sound understanding of TCP/IP and networking concepts, security alerts, and incidents.
  • Excellent writing and presentation skills are required to communicate findings and recommendations.
  • Experience with investigating common types of attacks, network packet analysis, log analysis, and reviewing security events.
  • Experience in applying Open-Source Intelligence (OSINT) techniques in support of investigations.
  • Knowledge of Windows processes and Active Directory.
  • Able to work extended hours during incidents.

Desired skills:

  • 1+ years' experience (or equivalent) with Security Analysis and Incident Response (e.g., working in a SOC/CIRT/CSIRT/CERT).
  • Subject matter expert in one or more areas such as Windows, Unix, firewalls, intrusion detection, network- and host-based forensics.
  • Scripting (Python, BASH, Perl, or PowerShell), coding, or other development experience.
  • In-depth knowledge of security event management, network security monitoring, log collection, and correlation.
  • Splunk usage or administration experience.
  • Security Orchestration, Automation, and Response (SOAR) experience.
  • Industry certifications: GCIH, GNFA, GREM, or other related certifications.
  • Financial industry experience.
  • Foundational Cloud Security knowledge.
  • Knowledge of the OWASP Top 10.