Senior IAM Cloud Engineering Specialist (Hybrid)
Morgan Stanley
We offer:
• To work with some of the best professionals in the business - for a firm that values individual intellect as much as teamwork
• State-of-the-art offices that are designed to maximize collaboration
• Flexible working arrangements
• Enriching challenges that provide opportunity for constant learning and advancement
• An environment which is leveraging technology to its highest potential
Team Profile:
Technology Risk's (Tech Risk) mandate is to enable the Firm to manage its technology related risks. The department executes the first line of defense technology risk management capabilities and implements proactive, comprehensive, and consistent risk management practices across the Firm.
Tech Risk protects the Firm’s information, systems, and infrastructure from cyber and insider threats; ensures the secure and stable delivery of services to our clients; and adjusts to risks presented by an evolving threat landscape. The department delivers a range of operational capabilities, as well as suite of advanced detection, monitoring and analytics, and also provides expert advice on secure design and development and control effectiveness. Tech Risk manages responses to regulatory and client inquiries about the Firm’s technology environment and ensures Technology divisions meet governance and oversight obligations along all lines of defense, driving material and measurable risk reduction. Tech Risk maintains strategic relationships with external entities, both public and private, to facilitate information sharing and innovation in financial services, technology, and government, and is also responsible for building risk education and security awareness programs to increase vigilance across the Firm.
Position Description:
The Cloud Identity and Access Management team is responsible for enabling the public cloud to become a preferred platform across Morgan Stanley IT. This is a global, multi-discipline team responsible for architecting and delivering secure, robust, and innovative solutions which would enable the development teams to build and deploy new applications as well as migrate selected existing applications into the public cloud.
The team works with multiple public cloud providers and are presently looking for an experienced Cloud Engineering specialist familiar with various cloud concepts, services, and tools, preferably from multiple public cloud providers but primarily in the Identity and Access Management space (IAM) for Google Cloud. The candidate will be involved in multiple aspects of the team’s work, including evaluation of new cloud products and services, and integrating them into standard Morgan Stanley cloud solutions.
This position will require 24/7 on-call rotation up to once every 10 weeks (about 2 and a half months).
Primary Responsibilities:
• Providing IAM solutions for migrating or new applications in the Morgan Stanley environment across multiple Cloud providers with an emphasis on Google Cloud
• Provide IAM services for complex, multi-tier applications that are migrating to Google Cloud, including authentication and authorization (Role-based access control or i.e., RBAC)
• Selecting appropriate IAM Cloud controls for migrating applications based on given requirements
• Working in a globally distributed team to provide innovative and robust Cloud centric solutions
• Closely working with vendors to develop and deploy Cloud services to meet customer expectations
• Integrate, configure, document, and deploy compliant infrastructure and supporting services in Google Cloud
• Design, optimization and documentation of the operational aspects in Google Cloud
• Troubleshooting problems, resolving root cause, and where possible, fixing the bug(s)
• Collaborate with Risk Management to ensure necessary controls to Cloud services are deployed and tested
Skills Required:
• 5+ years experience in the industry
• Experience setting up and managing Google Cloud environments
• Strong understanding of IAM services offered in Google Cloud
• Prior experience in providing RBAC solutions for Google Cloud
• Expert knowledge of authentication protocols like SAML, OAuth, OpenID, and Kerberos
• Strong knowledge in providing Federated Identity with solutions such as PING Federate or ADFS
• Experience creating technical architecture documentation
• Strong communication and written skills
Skills Desired:
• Working knowledge of Azure Active Directory and using it as an Identity Provider (i.e., IdP) for Google Cloud
• Strong scripting and automation abilities including PowerShell and/or Python
• Prior experience with products from HashiCorp such as Terraform, Vault and Consul
• Prior experience with risk control frameworks and engagements with risk and regulatory functions
• Experience in the financial sector
About us:
Morgan Stanley is a global financial services firm and a market leader in investment banking, securities, investment management and wealth management services. At Morgan Stanley Montreal, we are shaping the future of our global business and contributing to our local community. Our team works across numerous areas.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.
All our positions are located in Montreal, Quebec. We offer a hybrid work environment, combining remote work and attendance in the office.
Knowledge of French and English is required.
Build a career with impact. Visit morganstanley.com for more information.