Triage Analyst, Associate

Full time at Morgan Stanley in Singapore
Posted on April 17, 2024

Job details

Company Profile

Morgan Stanley is a leading global financial services firm providing a wide range of investment banking, securities, investment management and wealth management services. The Firm's employees serve clients worldwide including corporations, governments, and individuals from more than 1,200 offices in 43 countries. As a market leader, the talent and passion of our people are critical to our success. Together, we share a common set of values rooted in integrity, excellence, and a strong team ethic. Morgan Stanley can provide a superior foundation for building a professional career - a place for people to learn, to achieve and grow. A philosophy that balances personal lifestyles, perspectives and needs is an important part of our culture.

Department Profile

The mission of the Cyber Data Risk and Resilience division is to ensure the Firm manages its global businesses and serves clients on a market-leading technology platform that is resilient, safe, efficient, smart, fast, and flexible. The Security Response Team (SRT) is part of the Cyber Data Risk and Resilience division, which manages the incident response capability to support day-to-day cross-enterprise event investigations and strategic input into security controls and countermeasures to proactively create better security for the Firm. The group's vision is to deliver programs that protect and enable the business, ensure secure delivery of services to clients, adjust to address the risks presented by an evolving threat landscape and meet regulatory expectations.

Team Profile

Morgan Stanley is looking for a Triage Analyst to join the firm's Cyber Incident Response Team Operations (CIRT Operations). The global CIRT Operations comprises analysts providing 24/7 coverage via a follow-the-sun model. With members in key geographical locations, the team provides a first point of contact for security-related incidents within the Firm. Its members monitor the Firm's environment for abnormal behavior and potential security breaches. Triage Analysts are expected to review, triage, and investigate security alerts, and respond to or escalate security incidents.

Primary Responsibilities
  • Investigate cyber security incidents and threats.
  • Interact with stakeholders and leadership teams as part of the response and remediation efforts.
  • Improve the detection, escalation, containment, and resolution of incidents.
  • Enhance existing incident response methods, tools, and processes.
  • Maintain knowledge of technologies and the threat landscape.
  • Assist during non-core business hours during an emergency, critical or large-scale incident.

Candidates should have a genuine interest in cyber security and a good understanding of the tactics, techniques, and procedures of attackers. This role requires a detail-oriented, critical thinker who can anticipate issues and solve problems. Candidates should be able to analyze large datasets to detect underlying patterns and drive to a root cause analysis.

Required Skills

  • Minimum Bachelor's degree in Computer Science or Engineering.
  • Minimum 1 year of experience (or equivalent) with Security Analysis and Incident Response (i.e. working in SOC/CIRT/CSIRT/CERT).
  • Sound understanding of TCP/IP and networking concepts; security alerts and incidents.
  • Understand the concept of a threat across multiple technologies and think like an adversary.
  • Experience with investigating different types of attacks; log analysis and reviewing security events.
  • Experience applying Open-Source Intelligence (OSINT) techniques in support of investigations.
  • Knowledge of Windows processes and Active Directory.
  • Excellent writing and presentation skills to communicate analysis findings and recommendations.
  • Able to work extended working hours during incidents.
  • Passion to learn and to contribute to the ongoing development of the team.
Preferred Skills
  • Subject matter expert in one or multiple areas such as Windows, Unix, Endpoint Detection Response, Firewalls, Intrusion Detection, Network and Host-based Forensics.
  • Scripting (Python, PowerShell), coding or other development experience.
  • In-depth knowledge of security event management, network security monitoring, log collection, and correlation.
  • Experience in SIEM usage or administration.
  • Industry certifications: CEH, CHIF, GCIH, GNFA, GREM or other related certifications.
  • Experience in the financial industry.
