Sr. Engineer - Threat & Vulnerability Management (100% Remote Throughout US)
Job Description
Moody's IT Risk department is looking for a Sr IT Risk Analyst Threat & Vulnerability Management to join its growing organization. This is a challenging position requiring deep knowledge and experience with security standards, threat & vulnerability management, exploitation techniques and secure development standards. The candidate should be motivated and willing to take on challenges, able to multi-task and collaborate, and have strong communication and customer service skills.
The Cybersecurity team is globally responsible for tracking security weaknesses and improvements and helping the company apply ever-higher security standards. The job requires an intensive and productive relationship with developer groups across the company.
Functional Responsibilities
- Work with developer teams and their management to improve coding standards and address detected issues
- Take ownership for continuous improvement in the working environment
- Report on findings, improvements, achievements, …
- Keep up to date on relevant evolving standards
- Bachelor's in Computer Science or equivalent, Masters preferred
- 3+ years of experience in Web App Security, Secure SDLC, DevSecOps
- Relevant security certifications (technical/managerial)
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of test automation frameworks and how they integrate with SAST/DAST.
- Comfortable writing in at least 2 development/scripting languages (Java, .NET, Python, etc.)
- Passion for researching vulnerabilities, exploitation techniques, and industry trends/threats.
- Background in web app development, sys admin, and/or code auditing strongly preferred
- Experience in the deployment and management of SAST/DAST tools and technologies.
- Deep understanding of web application security threats, exploits, and prevention
- Ability to triage, reproduce, recommend remediation, and implement fixes for vulnerabilities
- Practical applied knowledge of the OWASP Top 10 and the ability to speak confidently to all of them.
- Design and implement security practices and standards across web and cloud environments
- Threat modeling systems and applications and performing security reviews
- Identifying security risks and developing mitigation strategies
- Some experience or understanding of cloud and cloud security concepts
- Ability to work in a self-directed environment that is highly collaborative and cross functional.
- Experience communicating with Director/VP-level leadership
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email email@example.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.