Security Engineer

Moody's Cybersecurity is looking for a Security Engineer to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards and relevant regulations.

The Cybersecurity team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company's Cybersecurity program.

Responsibilities:
  • Act as the Cybersecurity face-off to Moody's technology infrastructure teams and outsourcing providers.
  • Documenting Cybersecurity exceptions and working with senior Cybersecurity team members to update procedures where appropriate.
  • Function as lead engineer for several IT Risk projects (e.g. Web Detonation system upgrades, security system monitoring transition, system hardening standards). The lead engineer provides security design, configuration, implementation, burn-in, and transition to operations, of security technologies.
  • Provide security engineering design and implementation expertise for Infrastructure and Moody's Analytics projects, making sure that security requirements are fulfilled and escalating issues where necessary.
  • Provide Engineering support to operations teams and infrastructure teams for upgrades and enhancements to current security technologies.
  • Manage and maintain the Log Archiving (Splunk) platform. Supervise and provide leadership to the Splunk operations team, following up on incidents, designing and implementing enhancements, and providing reports to management which include meaningful metrics.


The Moody's IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company's Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.

Job Knowledge:
  • Networking fundamentals including routing protocols
  • Server and workstation operating systems
  • Cloud and Virtualization
  • Network firewalls and IPS/IDS systems
  • Vulnerability assessment and management
  • Endpoint security controls
  • Content filtering


Qualifications:

  • Minimum 5 to 7 years of experience in the IT industry and at least 3 years of experience in Information Security or closely related fields.
  • Expertise in design documentation and tools, such as Microsoft Visio.
  • BS or BA degree, preferably in technology/business or equivalent.
  • Ability to think with a security mindset. The successful candidate has a strong IT background with expert level knowledge of a key security practice area: access control; application security; network security; monitoring; endpoint; etc.
  • Strong knowledge of regulatory standards that govern Information Security practices such as SOX, PCI, and state and federal privacy laws.
  • Experience working with Microsoft Windows in an Active Directory environment, including group-based security and group policy.
  • Knowledge of TCP/IP networking including basic firewall and packet filtering concepts.
  • Experience with ISO-27002, NIST and/or SANS CSC aligned security program.
  • Experience with shell scripting a plus
  • Relevant certifications such as CISSP, CISM or PMP are a plus.


Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.5 billion in 2015, employs approximately 10,400 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.

MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.