Job Description

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities.

This is a Cyber Security Engineering position at VP which is part of the job family responsible for providing specialist cyber expertise and creating solutions that protect the organization's systems and networks against actual and potential security threats and vulnerabilities.

Morgan Stanley Since 1935, Morgan Stanley is known as a global leader in financial services, continuously evolving and innovating to better serve our clients and our communities in more than 40 countries around the world.

What you will do

• Lead the design and implementation of deploy-time security controls for cloud services across Azure, AWS, and GCP, using OPA (Rego) and Regula

• Translate firm-wide configuration baseline requirements into enforceable policy-as-code controls integrated directly into Terraform workflows and CI/CD pipelines

• Own end-to-end control implementation lifecycle: requirement interpretation, policy authoring, testing, optimization, and deployment within engineering pipelines.

• Establish and maintain reusable policy libraries and modules to ensure consistency and scalability of controls across services and environments.

• Provide deep technical expertise in Terraform, infrastructure-as-code- patterns, and pipeline orchestration, ensuring secure and efficient deployments.

• Define and implement testing strategies for policy validation, including unit and integration testing.

• Identify gaps where requirements cannot be enforced at deploy-time and propose compensating controls or alternative enforcement points.

• Contribute to the evolution of a unified control framework, enabling consistent control logic across deploy-time and runtime evaluation points

• Contribute to cloud security strategy and standards.

• Lead and develop a team of engineers responsible for deploy-time control implementation, setting technical direction and ensuring high-quality delivery

• Provide hands-on mentorship and coaching in OPA/Rego, Regula, Terraform, and secure pipeline design.

• Manage performance, provide actionable feedback, and support career development for team members

• Foster a high-accountability, low-friction operating model, reducing handoffs and accelerating baseline delivery.

What you will bring

• 7+ years of hands-on experience in cloud security engineering, with a strong focus on infrastructure-as-code and deployment pipelines.

• Bachelor's degree in computer science, Information Security, or a related field, or equivalent experience.

• Proven experience designing and implementing policy-as-code controls using OPA (Rego) and/or Regular in production environments.

• Deep hands-on expertise with Terraform, including module design, state management, and secure configuration patterns.

• Strong experience integrating security controls into CI/CD pipelines, including gating and enforcement mechanisms.

• Demonstrated ability to translate security requirements into automated, testable, and enforceable controls at deploy-time.

• Solid understanding of cloud security architectures across AWS, Azure, and/or GCP, including IM, networking, and data protection controls.

• Experience implementing control validation and testing strategies, including policy unit testing, pipeline validation, and drift detection.

• Familiarity with CSPM platforms and the ability to align deploy-time controls with runtime detection and compliance models.

• Strong understanding of modern threat models, attack paths, and misconfigurations risks in cloud environments, and how to mitigate them through preventive controls.

• Experience building and maintaining reusable policy libraries and shared control frameworks at enterprise scale.

• Proven experience leading a team of engineers, including task prioritization, delivery oversight, and technical direction setting

• Demonstrated ability to mentor and develop engineers, particularly in policy-as-code, Terraform, and secure pipeline practices.

• Experience establishing code quality standards, review processes, and engineering best practices for IaC and policy development.

• Strong stakeholder management skills, with the ability to partner effectively with platform engineering, security architecture, and application teams.

• Ability to communicate complex technical concepts clearly to both engineering audiences and senior leadership.

What you can expect from Morgan Stanley

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work To learn more about our offices across the globe,

please copy and paste https://www.morganstanley.com/about-us/global-offices into your browser.

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

At Morgan Stanley, we raise, manage and allocate capital for our clients – helping them reach their goals. We do it in a way that’s differentiated – and we’ve done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren’t just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you’ll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There’s also ample opportunity to move about the business for those who show passion and grit in their work.

To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices​ into your browser.

Morgan Stanley is an equal opportunity employer committed to building and maintaining a workforce that is diverse in experience and background. Our recruiting efforts reflect our strong commitment to a culture of inclusion, where individuals are hired, developed, and advanced based on their skills and talents.

Our workforce reflects a broad cross-section of the global communities in which we operate, bringing a variety of backgrounds, talents, perspectives, and experiences.

For more information, please visithttps://www.morganstanley.com/people-opportunities/eeo