This is an opportunity for a highly motivated individual to join a high energy team of security administrators responsible for managing Morgan Stanley’s global security infrastructure
The diversity of IT Security products & technologies under management provides for a learning experience that will satisfy even the ones the most eager to learn.
The position is fast paced, dynamic, challenging where a varied combination of technical skills and soft skills allows for the development of a well-rounded individual/professional.
This position is to be part of a global team reporting to the Security Operations Manager in HK.
- Level 3 operational support and administration of Network Security Products & Services like Firewalls, Internet Proxies, Malware Protection, Intrusion Detection Systems, Network Access Control, etc.
- Deployment and Administration of network security systems like Juniper & Fortinet Firewalls, Cisco ISE, TrustWave M86, FireEye, BlueCoat Proxy, Lancope, etc.
- Security policy administration
- Systems, network and application troubleshooting
The non-technical aspects of the position include:
- Coordinating and leading the response of technology problems and incidents
- Customer service. Including off hour coverage via cell phone/pager (oncall system, ~every 8 weeks)
- Creation/supplementation of Operational Runbooks
- Aligning global strategies with regional needs and demands
- Training teammates
- Interacting with service members of the networking, systems, e-business and PC support groups in major metropolitan regions across the globe.
- Strong knowledge and experience with network security (e.g., configuring firewalls, configuring Internet proxies, deploying and managing antimalware systems and related network security monitoring & management platforms like Lancope, RedSeal, Tufin).
- Strong knowledge and experience with firewall enterprise management suites e.g. Juniper NSM, Juniper SPACE, Fortigate e.g. manage 400+ firewalls.
- Experience with Bluecoat Management Center.
- Strong knowledge of packet filtering, stateful packet inspection and the differences between them
- Strong knowledge of fundamental networking/distributed computing environment concepts e.g. routing, switching, VLANs, VPNS, NIS, NFS.
- Intermediate to advanced understanding of packet capture and analysis using snoop, tcpdump and Ethereal or similar tools.
- Experience with host security (e.g., passwords, uids/gids, SIDs, file permissions, ACLs, filesystem integrity, use of security packages, IPTables).
- Familiarity with incident response techniques, intrusion prevention systems, information security methodologies, authentication protocols and different IT Security threat mechanisms.
- Active interest in IT Security and general knowledge of Information Security
- Excellent written and oral communication skills. Fluent English is required
- Strong interpersonal and communication skills; capable of writing documentation, training users in complex topics, making presentations to an internal audience, and interacting positively with upper management, colleagues and customers.
- Independent problem-solving, highly motivated and self-directing
- Comfortable working in an operations and support team with heavy end user interaction
- Ability to handle constantly changing flow of traffic; remain productive during slow times, be able to multitask effectively during busy times, exercise patience and professionalism during stressful situations.
Having skills and experience in the areas below is a major plus and will help the candidate integrate with the team and environment:
- Experience with any of the following firewall platforms: Juniper Netscreen & SRX, Palo Alto.
- Understanding of routing protocols (BGP, OSPF, RIP, etc)
- Experience with Linux system administration (Red Hat Enterprise Linux)
- Experience with any of the following load balancing devices: F5 BIG-IP, A10
- Experience with any of the following systems management and monitoring: Micromuse Netcool, Empire Sysedge, SNMP
- Experience using intrusion detection/prevention solutions
- Experience with network security risk and compliance tools like RedSeal, Tufin, Skybox.
- Experience with NBAD (Network Behavior Anomaly Detection) tools like Lancope.
- Experience in customer support and experience in interacting with business
Five to ten years of network security administration experience in an environment of more than 100 servers, with more than 100 users and more than 1 operating system (i.e. Solaris and Linux, Solaris and Windows, Linux and Windows or other combinations); preferably in the Financial Services sector.