• Competitive
  • New York, NY, USA
  • Permanent, Full time
  • Moody's
  • 24 Mar 18

Senior Application Security (sSDLC) Analyst

Location: New York, NY, USA

Moody's IT Risk Management is looking for a Senior Security Analyst who will be aligned to the IT Risk function to support the secure SDLC program and application security architecture. This is a position requiring a background in application security design review, application vulnerability remediation oversight, metrics-driven reporting practices, and solid communication and organization skills.

The ideal candidate is very motivated and willing to take on challenges, able to prioritize and manage multiple tasks and has the ability work independently and with minimal oversight. The candidate has a broad understanding of both cybersecurity and application development practices, and a deep understanding of application vulnerabilities, and is able to articulate complex information through reports, dashboards, and presentations that tell a story.

The Application Security Architecture program supports the IT Risk Management team by identifying flaws in new application designs and planned application changes, working with application developers to architect solutions to security-related application challenges, providing detailed explanations to application developers about vulnerability findings, and reporting key vulnerability remediation metrics and dashboards to Moody's management.

The Moody's Information Risk and Security team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team is responsible for the development, enforcement, and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting, and the delivery of security services including the company's Cyber Security program. Information Risk and Security management sets strategic direction for IT risk and security and aligns with stakeholders throughout the organization.

General Qualifications:
  • The senior analyst must analyze information security systems/applications; make recommendations and develop security measures to protect information against unauthorized modification or loss.
  • The senior analyst will work with the various development teams to implement application security practices that meet Moody's defined policies and standards for information security.
  • The senior analyst will serve as subject matter expert for best practices and security controls for application security and will work with the various development teams to implement controls that are appropriate for Moody's information security.
  • Efforts will include:
  • Performing functional requirement reviews and technical design reviews
  • Identifying application security requirements for projects
  • Managing the application vulnerability assessment process and tools (SAST and DAST) focused on client-server, web, and mobile applications
  • Identifying, communicating, and driving the resolution of vulnerabilities
  • Providing reports to development management and business management on the status of vulnerability remediation for their applications
  • Serving as a subject matter expert for security in application projects
  • Developing and updating security patterns aligned with security requirements
  • Coordinating and collaborating with server infrastructure engineering, network infrastructure engineering, business application development, and database administration functions to ensure confidentiality, integrity, and availability of corporate infrastructure meets business demands
  • Performing other security-related projects that may be assigned according to skills


Technical Experience & Qualifications:
  • Bachelor's degree in a technical or business discipline
  • 4-6 years or more of experience, primarily in information security, application development, architecture or a related field, preferably in the financial sector and/or supporting IT Risk or Information Security initiatives
  • Experience with Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) tools, and enterprise architecture tools
  • Deep understanding of OWASP Top 10 and SANS Top 25 vulnerabilities
  • Strong experience with data visualization concepts and tools
  • Ability to analyze data using Excel including use of complex Excel macros / scripts for reporting purposes; some development experience is preferable
  • Experience with Veracode (or other SAST/DAST tools), Jira, ServiceNow, and Splunk is preferable
  • CISSP, GIAC, CISA, CISM, TOGAF certifications preferable
  • Ability to work individually and as part of a team
  • Strong written and oral communication skills
  • Strong presentation skills; ability to adjust message and filter details based on audience (e.g. technical, business, management)

Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.

Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

New York, NY, USA New York NY US