At a Glance
- Tasks: Lead a team to enhance security in CI/CD pipelines using SAST, DAST, and SCA tools.
- Company: Join Morgan Stanley, a leader in financial services, shaping the future of global markets.
- Benefits: Enjoy a dynamic work environment with opportunities for innovation and professional growth.
- Why this job: Make a significant impact on application security while collaborating with talented engineers.
- Qualifications: 10+ years in IT, with 3+ years in software development and security practices.
- Other info: Ideal for self-starters eager to learn and apply new technologies in a fast-paced setting.
The predicted salary is between £54,000 and £84,000 per year.
Lead Application Security Engineer – VP
JR000996
Glasgow
Morgan Stanley is looking for a motivated Engineering lead to join the Cybersecurity department, who will be charged with enabling security controls in the CI/CD pipelines by rolling out SAST, SCA or DAST tools, with a significant impact on the development community and on the security posture of the firm’s applications.
In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering Manager position at VP, P5 level, which is part of the job family responsible for developing and maintaining software solutions that support business needs.
Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.
What You’ll Do:
- Work with a team of engineers to implement Morgan Stanley-specific security policies in the CI/CD security tools, including but not limited to SAST, DAST and SCA applications.
- Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
- Define the security rules that need to be adhered to at a code level in web and mobile applications written in Java, React, Objective-C, Swift, Kotlin, etc.
- With your development background and security knowledge, provide security guidance to developers in the form of secure coding standards and guidelines.
- Support security standards, create templates and patterns to increase the efficiency and adoption of the security program.
- Work with our partners to implement, manage, and optimize security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities.
These skills will help you succeed in this role:
- Bachelor’s degree with 10+ years of work experience in the IT field
- 3+ years software development experience using Python, Java or JavaScript
- 3+ years of cumulative experience across the following:
  - OWASP Secure Coding Practices
  - Common software and web application security vulnerabilities
  - Application security scanning tools
  - Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)
Even Better If You Have:
- A degree in Cybersecurity or CISSP/CSSLP certification, or a keen desire to move into the security field
- Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise
- Ability to perform code reviews with minimal assistance
- A self-starter, with a strong desire for learning new technologies and applying them to solve problems
- Expertise in monitoring, alerting, reporting and data analysis is desired.
- Experience with two or more application build environments such as Jenkins, Gradle, Maven.
- Familiarity with public cloud services is a plus
- Experience with two or more Secure SDLC tools such as GitHub Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz.
- Experience with Threat Analysis.
- Experience with DevSecOps, Secure SDLC.
- Experience with DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc.) is a plus
- Experience with evaluation, integration and onboarding of application security tools is a plus
Lead Application Security Engineer - VP employer: Morgan Stanley

Contact Detail:
Morgan Stanley Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Lead Application Security Engineer - VP
✨Tip Number 1
Familiarize yourself with the specific security tools mentioned in the job description, such as SAST, DAST, and SCA. Understanding how these tools integrate into CI/CD pipelines will give you a significant edge during discussions with the hiring team.
✨Tip Number 2
Showcase your experience with secure coding practices and application security vulnerabilities. Be prepared to discuss real-world examples where you've implemented security measures in software development, as this will demonstrate your hands-on expertise.
✨Tip Number 3
Highlight any experience you have with DevOps processes and tools like Jenkins, Gradle, or Maven. Being able to articulate how you've worked within these environments will show that you're well-versed in the integration of security within development workflows.
✨Tip Number 4
Prepare to discuss your approach to collaboration with cross-functional teams, especially Development and DevOps. Emphasizing your ability to work effectively with diverse teams to implement security policies will be crucial for this leadership role.
Some tips for your application 🫡
Understand the Role: Make sure you fully understand the responsibilities and requirements of the Lead Application Security Engineer position. Familiarize yourself with terms like SAST, DAST, and CI/CD processes to demonstrate your knowledge in your application.
Tailor Your CV: Customize your CV to highlight relevant experience in software development, security practices, and any specific tools mentioned in the job description. Emphasize your leadership skills and experience in managing teams or projects.
Craft a Strong Cover Letter: Write a compelling cover letter that connects your background in software engineering and cybersecurity to the role. Mention specific experiences where you've implemented security measures or worked with CI/CD pipelines.
Showcase Your Technical Skills: In your application, clearly outline your technical skills related to programming languages (like Python, Java, or JavaScript) and any experience with application security tools. This will help you stand out as a qualified candidate.
How to prepare for a job interview at Morgan Stanley
✨Showcase Your Technical Expertise
Be prepared to discuss your experience with SAST, DAST, and SCA tools in detail. Highlight specific projects where you implemented these security measures and the impact they had on the development process.
✨Demonstrate Your Leadership Skills
As a Lead Application Security Engineer, you'll need to show that you can guide and mentor other engineers. Share examples of how you've led teams or initiatives in the past, particularly in implementing security policies within CI/CD pipelines.
✨Understand the Business Context
Morgan Stanley is a financial services leader, so it's crucial to understand how application security fits into their business model. Be ready to discuss how security measures can support business goals and enhance client trust.
✨Prepare for Technical Questions
Expect technical questions related to secure coding practices and common vulnerabilities. Brush up on OWASP guidelines and be ready to explain how you would approach code reviews and security assessments.