Sr Cybersecurity Engineer

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Moody’s Information Risk and Security is looking for a Sr. Cybersecurity Engineer to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, solid communication and organization skills, and a deep knowledge of Information Security and how it can be applied to infrastructure and cloud components. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed, and can work independently with minimal oversight.

The Moody’s Information Risk and Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team's mission is to identify risks to Moody's data and systems and implement strategies to aid in defending against and mitigating those risks. They are responsible for key programs including Security Architecture, Cyber Security, Identity Management and Vendor Security Management. The Information Risk and Security team sets the strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.

Functional Responsibilities

• Provide security architecture designs and security consulting services for enterprise IT projects that cross multiple platforms and ensure alignment with Moody’s security architecture.
• Support the creation of and adherence to Cyber Security and Information Security Reference Architectures by working with the Cyber Security Engineering teams and developing reusable patterns for security.
• Be able to perform application and infrastructure Risk Assessments to determine the appropriate technical/process solutions are in place to protect assets.
• Support successful delivery of Information Security projects and services for our customers by working directly with key business stakeholders and technology SMEs
• Liaise with Business Information Security Officers and application development community to assist in identifying and reducing Information Security risk within applications to acceptable levels
• Collaborate on problem analysis, proof-of-concepts, pilots, MVP design, quality and control related to IT infrastructure security solutions
• Monitor progress of corrective action plans and risk exceptions
• Develop and continually refine metrics and provide reporting to peers and senior executives

Qualifications:

• Minimum education and work experience required for this position include:
• Minimum 7-10 years of experience in IT industry, preferably in a financial services or consulting organization
• Minimum 3-5 years of experience of Project Management and / or Web Development / Application Development / Architecture.
• BS or BA degree, preferably in technology/business or equivalent
• Thorough understanding of subject matters, like next generation infrastructure, virtualization, network and micro segmentation, Firewalls, IDSs, WAFs, Containers, etc.
• Relevant certifications such as CISSP, SANS, CCNA/P/E or other known technical certifications are a plus
• Development experience with python, lambda, PowerShell is a plus.

Key Competencies:

• Ability to think with a security mindset. The successful candidate has a strong IT background with a depth knowledge of several key security practice area: network/host security; cloud security; security architecture.
• Adaptability and flexibility to work on a variety of assignments as defined by constantly evolving priorities.
• Knowledge of AWS or Azure Cloud technologies, Active Directory, Authentication/Authorization protocols, and Single Sign On technologies.
• Knowledge of NIST, CIS, and CCM security controls.
• Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
• Strong presentation skills involving large and of varying IT background audiences.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.