Assistant Director - Sr Software Engineer (Application Security Engineer)
Location: Omaha, NE, USARole/Responsibilities:
Our Application Security Team is looking for a highly skilled software developer with a strong understanding of secure engineering concepts such as secure coding practices and secure code reviews.
In this role you will be responsible for both development of new technologies and the interfaces that engineering teams within Moody's can integrate into their own development projects to secure sensitive data while remaining the security expert to teams within Moody's.
You will get to work with all aspects of security operations pertaining to our public-facing production environments. You will be providing technical security expertise across a broad range of environments and will develop technology solutions that will be usable across the business to increase the level of security around how we handle sensitive data. It would be common to expect that you would be pairing with other Moody's engineering teams to review project design and implementation, performing secure code reviews and large data set analysis, and helping develop APIs in order to secure sensitive data.
Ideally you will be an experienced software developer with a very good understanding of .NET
Application Security/Enterprise Risk Solutions
- Research, initiate and drive the evaluation of third party or homegrown tools/technologies/processes to maintain and enhance the security of Moody's applications
- Provide security related advice and consultancy to overall engineering team, IT, Risk Management and other business groups as needed
- Perform analyses against large data sets to identify potentially malicious behavior
- Provide technical and operational security support to IT, Engineering, Legal, and business units
- Be a member of the development teams and the remediation of application vulnerabilities detected through security scanning tools
- Actively manage the security activities associated with secure software development, including performing peer code reviews, to address risks and threats
- Deep knowledge of common web application vulnerabilities (e.g. XSS, CSRF, clickjacking) and their mitigation strategies
- Knowledge of related technologies:
- .Net (ASP.Net / C#)
- SQL Server
- Knowledge of system security vulnerabilities and remediation techniques
- Knowledge of network and web related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
- Experience working in a security capacity with development team(s) that deliver a software-based service
- Knowledge of security across multiple disciplines (data, database, operating system)
- Strong understanding of threat modeling and security methodologies
- Experience with at least one code security review tool
- Familiar with protocol analysis methods and cryptography
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.5 billion in 2015, employs approximately 10,400 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email email@example.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.