We’re seeking someone to join our Cyber Incident Response Team (CIRT) as a Triage Analyst in Cyber to provide a first point of contact for security-related incidents within the Firm. The analyst monitors the Firm's environment for abnormal behavior and potential security breaches. Triage Analysts are expected to review, triage, and investigate security alerts, and to respond to or escalate security incidents.
What you’ll do in the role:
- Investigate cyber security incidents and threats to identify root causes, assess impact, and recommend remediation actions.
- Collaborate with stakeholders and leadership teams during incident response and remediation efforts, ensuring clear communication and timely updates.
- Improve detection, escalation, containment, and resolution processes to strengthen the organization’s incident response capabilities.
- Enhance existing incident response methods, tools, and workflows by identifying gaps and implementing best practices.
- Maintain up-to-date knowledge of technologies and evolving threat landscapes to anticipate and mitigate emerging risks.
- Provide support during non-core business hours in the event of emergencies, critical incidents, or large-scale security events.
What you’ll bring to the role:
- Min. 2 years of experience (or equivalent) in Security Analysis and Incident Response (e.g. working in a SOC/CIRT/CSIRT/CERT).
- Scripting (Python, PowerShell), coding or other development experience to assist in automation.
- Understanding of the concept of a threat across multiple technologies, and the ability to think like an adversary.
- Knowledge of TCP/IP protocols and core networking principles, with strong understanding of email flow and endpoint behavior. Skilled in interpreting security alerts and investigating incidents.
- Hands‑on experience in investigating diverse cyberattacks, performing detailed log analysis, and reviewing security events to identify threats and support incident response.
- Good understanding of Windows operating system processes and Active Directory architecture, including user and group management, authentication, and policy enforcement.
- Experience in applying OSINT techniques to identify, collect, and interpret publicly available data for investigative purposes.
- Excellent writing and presentation skills to communicate analysis findings and recommendations.
- Flexibility to work extended hours or on‑call during critical incidents and high‑severity security events.
- Proactive attitude toward continuous learning, and active contribution to team development and knowledge sharing.
- Subject matter expertise in one or more areas such as Windows, Unix, Endpoint Detection and Response, Firewalls, Intrusion Detection, and Network and Host‑based Forensics is good to have.
- Demonstrated interest in leveraging Artificial Intelligence (AI) and Generative AI tools to enhance operational efficiency, streamline workflows, and improve decision‑making processes is good to have.
What you can expect from Morgan Stanley:
Morgan Stanley is a global leader in financial services, offering a broad range of investment banking, securities, wealth management, and asset management services. We are committed to diversity, inclusion, and giving back, and we provide a comprehensive benefits package to support our employees and their families.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential.