- Edinburgh, Scotland, United Kingdom
- Permanent, Full time
- 22 Sep 17
Senior Cybersecurity Engineer
Location: Edinburgh, Scotland, United KingdomMoody's IT Risk department is looking for a Senior Cyber Security Engineer to join its growing organization. This is a challenging position requiring deep knowledge of security products and networking. The candidate should be motivated and willing to take on challenges, able to multi-task to succeed and have the ability to work independently and with minimal oversight.
- Act as the Cybersecurity Engineering SME to Moody's technology infrastructure teams and outsourcing providers.
- Documenting Cybersecurity exceptions and working with senior Cybersecurity team members to update procedures where appropriate.
- Function as lead engineer for several Information Risk & Security projects. The lead engineer provides security design, configuration, implementation, burn-in, and transition to operations, of security technologies.
- Provide Cybersecurity Engineering support to operations teams and infrastructure teams for upgrades and enhancements to current security technologies.
- Provide Cybersecurity engineering design and implementation expertise for Infrastructure and Moody's Analytics projects, making sure that security requirements are fulfilled and escalating issues where necessary.
- Develop, collect and mature security metrics for Information Risk & Security programs.
This Senior Cybersecurity Engineer will have hands-on experience in one or more general IT and specific Information Risk & Security areas to provide guidance to other IT personnel:
- Security Incident Response and Threat Management.
- Networking fundamentals including Network Forensics.
- Patch and Vulnerability and management.
- Endpoint security.
- Anti-malware and advanced threat protection solutions
- Network vulnerability scanning tools
The Cybersecurity team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody's business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company's Cybersecurity program
Minimum education and work experience required for this position include:
- Minimum 5-7 years of experience in IT industry, preferably in a financial services or consulting organization
- BS or BA degree, preferably in technology/business or equivalent
- CISSP, SANS or equivalent certifications
- Experience managing one or more of the following next-gen firewalls: Cisco, Checkpoint, or Palo Alto
- Experience managing one or more of the following web proxies: Websense, BlueCoat, or WebTitan
- Experience managing one or more of the following application delivery controllers (ADCs): Citrix NetScaler or F5 Big-IP
- Have excellent networking knowledge; be able to collect and analyze packet captures, use web debugging tools like Fiddler to analyze SSO connectivity issues.
- Capability to troubleshoot effectively at all OSI layers.
- 5-7 years prior development experience
- 5-7 years IT security product experience
- Familiar with one or more following: Java, Python, Ruby, AWS and Azure APIs, Service Now APIs, Puppet, Ansible.
- Familiar with various databases and SQL.
- Ability to quickly assimilate new technologies, tools, internal/external systems and design frameworks. Strong and broad technology background.
- Ability to think with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice area: access control; application security; network security; security architecture; security strategy
- Strong knowledge of application architecture, development and secure coding practices.
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
- Strong presentation skills involving large and of varying IT background audiences.
- Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.6 billion in 2016, employs approximately 10,700 people worldwide and maintains a presence in 36 countries. Further information is available at www.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation or any other characteristic protected by law.
MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.