We are looking for a Penetration tester at MSCI!

The organization has strengthened its application defense by implementing secure coding practices, managing third-party dependencies, enhancing container security, and improving CI/CD pipeline controls. These efforts are underpinned by a strong focus on secure architecture and empowering developers with the necessary tools and knowledge. Offensive security capabilities have also been expanded to include comprehensive testing strategies, real-world threat simulations, and close collaboration with threat intelligence teams to proactively identify and mitigate risks. In parallel, advancements in automation, vulnerability management, reporting, and system resilience contribute to efficient and scalable security operations. Ongoing initiatives also prioritize the integration of emerging technologies such as AI, along with threat modeling and the application of advanced security techniques, all aimed at further developing the team's expertise and preparedness.

• Manage the execution of penetration tests performed by MSCI vendors.
• Under the direction of senior AppSec staff, perform internal penetration tests:

Identify and exploit vulnerabilities in applications

Document findings and recommend remediation strategies

Collaborate with Cybersecurity and Engineering Teams to enhance security protocols.

Conduct Security Assessments and Risk Analysis

Develop and maintain security testing plans and protocols 

• Develop and implement recommendations to enhance MSCI's pen testing process with particular attention paid to enhancing the MSCI application owner/staff and vendor experience
• Performing operational tasks and engaging in proactive research and exploration of new technologies aligned with team objectives

• Advanced skills in planning and conducting penetration testing activities for both applications and infrastructure. Incorporating new tools and frameworks into pen-testing procedures, and assisting development teams in developing remediation options
• A moderate understanding of modern cloud and on-premises infrastructure concepts, encompassing federated authentication and authorization (OAuth experience is beneficial), Active Directory, networking essentials (such as VNets, routing, switching, advanced firewalls), DNS management, databases, middleware, and Linux administration
• Experience with cloud environments and configurations (Azure, GCP, AWS) is beneficiary
• Good understanding of network protocols, cryptography, and security vulnerabilities is beneficiary
• Strong written and verbal communication skills in English 
• Cybersecurity certification is preferred
• Deep understanding of the different penetration testing tools (e.g.: Metasploit, Burp Suite, Nessus)
• Bachelor degree in relevant field is required

What we offer you

• Transparent compensation schemes and comprehensive employee benefits, tailored to your location, ensuring your financial security, health, and overall wellbeing.

• Flexible working arrangements, advanced technology, and collaborative workspaces.

• A culture of high performance and innovation where we experiment with new ideas and take responsibility for achieving results.

• A global network of talented colleagues, who inspire, support, and share their expertise to innovate and deliver for our clients.

• Global Orientation program to kickstart your journey, followed by access to our Learning@MSCI platform, LinkedIn Learning Pro and tailored learning opportunities for ongoing skills development.

• Multi-directional career paths that offer professional growth and development through new challenges, internal mobility and expanded roles.

• We actively nurture an environment that builds a sense of inclusion belonging and connection, including eight Employee Resource Groups. All Abilities, Asian Support Network, Black Leadership Network, Climate Action Network, Hola! MSCI, Pride & Allies, Women in Tech, and Women’s Leadership Forum.

At MSCI we are passionate about what we do, and we are inspired by our purpose – to power better investment decisions. You’ll be part of an industry-leading network of creative, curious, and entrepreneurial pioneers. This is a space where you can challenge yourself, set new standards and perform beyond expectations for yourself, our clients, and our industry.

MSCI is a leading provider of critical decision support tools and services for the global investment community. With over 50 years of expertise in research, data, and technology, we power better investment decisions by enabling clients to understand and analyze key drivers of risk and return and confidently build more effective portfolios. We create industry-leading research-enhanced solutions that clients use to gain insight into and improve transparency across the investment process.

MSCI Inc. is an equal opportunity employer. It is the policy of the firm to ensure equal employment opportunity without discrimination or harassment on the basis of race, color, religion, creed, age, sex, gender, gender identity, sexual orientation, national origin, citizenship, disability, marital and civil partnership/union status, pregnancy (including unlawful discrimination on the basis of a legally protected parental leave), veteran status, or any other characteristic protected by law. MSCI is also committed to working with and providing reasonable accommodations to individuals with disabilities. If you are an individual with a disability and would like to request a reasonable accommodation for any part of the application process, please email Disability.Assistance@msci.com and indicate the specifics of the assistance needed. Please note, this e-mail is intended only for individuals who are requesting a reasonable workplace accommodation; it is not intended for other inquiries.

To all recruitment agencies

MSCI does not accept unsolicited CVs/Resumes. Please do not forward CVs/Resumes to any MSCI employee, location, or website. MSCI is not responsible for any fees related to unsolicited CVs/Resumes.

Note on recruitment scams

We are aware of recruitment scams where fraudsters impersonating MSCI personnel may try and elicit personal information from job seekers. Read our full note on careers.msci.com