• Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Moody's
  • 20 Nov 17

Patch & Vulnerability Management Senior Analyst

Location: New York, NY, USA

Moody's Information Security is looking for a senior Analyst to assist with the processes and procedures of the Patch and Vulnerability Management program. The incumbent will be responsible for applying Patch & Vulnerability Management principles and best practices to proactively protect and maintain the confidentiality, integrity, and availability, of the company's data, computing systems, and networks. Additionally, the Analyst will play a key role in safeguarding the company's assets, intellectual property, and computer systems in support of the company's business objectives.

The Moody's Information Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Information Security team sets strategic direction for security within the organization and aligns with stakeholders throughout the company.

The Senior Analyst- Will be involved in all the steps of Patch & Vulnerability Management. He or She Will utilize Nessus (Tenable tool to assist with managing vulnerabilities). Document procedures, assist with what/where/when to patch, set up scans and assist in coordinating patching efforts. Engages in awareness, coordinating and communicating patch-management process to stakeholders.

Functional Responsibilities:
  • Serve as Vulnerability Management Analyst for Applications and Network components.
  • Perform information system security vulnerability scanning to discover and analyze vulnerabilities and characterize risks to networks, operating systems, applications, databases, and other information system components.
  • Perform compliance scanning to analyze configurations and compare to established baselines, recommending remedial actions where necessary.
  • Engage with stakeholders, to include IT professionals, management, to facilitate vulnerability discovery, remediation and tracking.
  • Communicate security and compliance issues in an effective and appropriate manner.
  • Validate remedial actions and ensure compliance with security policy and remediation targets.
  • Perform vulnerability management system administration functions, as required.
  • Perform risk assessments and make remediation recommendations to tech owners.
  • Periodically review vulnerability exception requests to ensure compliance to the exception process.
  • Maintain vulnerability tracker to record Identification, publication, remediation and closure of vulnerabilities.
  • Ability to adapt and respond to environment and priorities; manage deadlines and projects.
  • Ability to exercise sound technical, interpersonal and organizational judgment while evaluating and solving complex problems.
  • Partner with system owners to identify upcoming end of life components, and plan track their decommissioning.


Moody's Information Technology ("MIT") is the largest department of Moody's Shared Services and provides technology solutions for Moody's Investors Service, Moody's Shared Services and Moody's Analytics. The organization is going through an exciting period of growth and opportunity as we embark on a corporate-wide Transformation program and partner with the business to drive revenue growth, efficiency, risk management, and expansion of our client base via new solutions and application modernization. The development and ongoing support of key ratings and enterprise systems ensure the company's premier standing among credit rating agencies and enable its evolution alongside regulatory and business demands.

Minimum education and work experience required for this position include:
  • At least 5 years of experience in IT industry, preferably in a financial services organization.
  • Minimum of 3 recent years direct Patch & Vulnerability Management.
  • Background & experience of designing, defining and implementing Vulnerability Assessment tooling and services.
  • Good working understanding and working knowledge of Tenable Security Center, Rapid7, Qualys, or other related tools.
  • Knowledge of python scripting is a plus.
  • Interpersonal, collaboration, and negotiation skills.
  • Good understanding of data analysis, business process analysis and reporting tools found within the Microsoft Office application suite.
  • Excellent understanding of project management methodologies & internal processes.
  • BS or BA degree, preferably in technology.
Key Competencies:
  • Ability to think with a security mindset. The successful candidate has an IT background with good level knowledge of multiple relevant security practice areas.
  • Experience in patch and vulnerability Management , procedures and processes.
  • Ability to work in a time-sensitive environment; must be detail oriented and able to multitask to meet deadlines and company objectives.
  • Experience in large, geographically diverse enterprise networks.
  • Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
  • Develop procedures and process documentations.


Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.

MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.