Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Lead Application Security Engineer, VP

AT Morgan Stanley
Morgan Stanley

Lead Application Security Engineer, VP

Glasgow, United Kingdom

We're seeking someone to join our Application Security team as a Lead Application Security Engineer in Cyber to implement Morgan Stanley specific security controls in the CI/CD security tools including but not limited to SAST, DAST and SCA applications, enabling a significant developer community.

In the Technology division, we leverage innovation to build the connections and capabilities that power our Firm, enabling our clients and colleagues to redefine markets and shape the future of our communities. This is a Software Engineering Manager position at Vice President level, which is part of the job family responsible for developing and maintaining software solutions that support business needs.

Morgan Stanley is an industry leader in financial services, known for mobilizing capital to help governments, corporations, institutions, and individuals around the world achieve their financial goals.

Want more jobs like this?

Get jobs in Glasgow, United Kingdom delivered to your inbox every week.

By signing up, you agree to our Terms of Service & Privacy Policy.


At Morgan Stanley Glasgow, we support the Firm's global Operations, Technology, Finance, Corporate, and Institutional Securities divisions. The Glasgow office, known for its excellence in process, client service & leadership, has led us to win numerous innovation and people awards. Morgan Stanley has been rooted in the Glasgow community since 2000, steadily contributing to the development of a vibrant local financial services and fintech industry. Everyone is encouraged to chart their own meaningful career and achieve goals with the support of our best-in-class training and development opportunities.

Interested in joining a team that's eager to create, innovate and make an impact on the world? Read on...

What you'll do in the role:
  • Work with a team of engineers to implement Morgan Stanley specific security policies in the CI/CD security tools including but not limited to SAST, DAST and SCA applications.
  • Work with Development, DevOps and Security teams to identify and develop automated security and compliance capabilities in support of DevOps processes.
  • Define the security rules that needs to be adhered to at a code level in web and mobile applications written in Java, React, Objective C, SWIFT, Kotlin etc.
  • With your development background and security knowledge, provide security guidance to developers in the form secure coding standards and guidelines.
  • Support security standards, create templates and patterns to increase the efficiency and adoption of security program.
  • Work with our partners to implement, manage, and optimizing security measures within our GitHub repositories and pipelines to continuously improve code security and protect against vulnerabilities.

What you'll bring to the role:
  • Bachelor's degree or equivalent with knowledge of the IT field
  • Software development knowledge using Python
    • Commercial knowledge of the following:
    • OWASP Secure Coding Practices
    • Common software and web application security vulnerabilities
    • Application security scanning tools
    • Continuous Integration/Continuous Deployment (CI/CD) processes and concepts using relevant technologies and tools (e.g., Jenkins)
  • Ability to analyze large datasets for reporting and analysis
  • Good understanding of Java, JavaScript
  • A degree or equivalent in Cybersecurity or CISSP/CSSLP certification or keen desire to move to security field
  • Business acumen to support the implementation of SAST, DAST, SCA, Container Security, API Security and IaC tools across the enterprise
  • Ability to perform code reviews with minimal assistance
  • Expertise in monitoring, alerting, reporting, data analysis is desired.
  • Knowledge of two or more of the application build environments like Jenkins, Gradle, Maven.
  • Familiarity with public cloud services a plus
  • Knowledge of two or more of the Secure SDLC tools like Github Advanced Security, Snyk, WhiteSource, Sonatype, X-Ray, Wiz.
  • Knowledge of Threat Analysis.
  • Knowledge of DevSecOps, Secure SDLC.
  • DevOps container/orchestration tools (Kubernetes, Docker, Puppet, etc) is a plus
  • Knowledge of evaluation, integration and onboard of application security tools is a plus

What you can expect from Morgan Stanley:

We are committed to maintaining the first-class service and high standard of excellence that have defined Morgan Stanley for over 85 years. At our foundation are five core values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - that guide our more than 80,000 employees in 1,200 offices across 42 countries.

At Morgan Stanley, you'll find trusted colleagues, committed mentors and a culture that values diverse perspectives, individual intellect and cross-collaboration. Our Firm is differentiated by the caliber of our diverse team, while our company culture and commitment to inclusion define our legacy and shape our future, helping to strengthen our business and bring value to clients around the world. Learn more about how we put this commitment to action: morganstanley.com/diversity

We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry.

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.

Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.

Client-provided location(s): Glasgow, UK
Job ID: Morgan-549781521168
Employment Type: Other

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • Fitness Subsidies
    • On-Site Gym
    • Pet Insurance
    • Mental Health Benefits
    • FSA
    • Virtual Fitness Classes
    • HSA
  • Parental Benefits

    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
    • Return-to-Work Program
    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Adoption Leave
  • Work Flexibility

    • Hybrid Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • Company Outings
    • On-Site Cafeteria
    • Holiday Events
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Leave of Absence
    • Volunteer Time Off
    • Personal/Sick Days
  • Financial and Retirement

    • 401(K) With Company Matching
    • Stock Purchase Program
    • Performance Bonus
    • Relocation Assistance
    • Financial Counseling
  • Professional Development

    • Tuition Reimbursement
    • Promote From Within
    • Mentor Program
    • Access to Online Courses
    • Lunch and Learns
    • Work Visa Sponsorship
    • Leadership Training Program
    • Associate or Rotational Training Program
    • Internship Program
  • Diversity and Inclusion

    • Diversity, Equity, and Inclusion Program
    • Employee Resource Groups (ERG)