Senior Analyst – Threat & Vulnerability Management
- Identify potential risks and threats to Moody's an organization
- Conduct all-source analysis and adversary targeting to identify, monitor, assess, and counter the threat posed by actors against Moody's
- Analyze, correlate and action on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and escalate to the Incident Response team
- Manage the successful delivery of Information Security tool projects, by working directly with key business stakeholders, Moody's Information Security & Risk teams, Moody's IT and project teams
- Conduct thorough and expeditious review of threat information from a wide range of intelligence sources and evaluate for inclusion in intelligence reports
- Research and produce daily intelligence reports and coordinates the sharing of intelligence reports and information within the Information Risk and Security organization
- Establish him/herself as the resident expert on the chosen and considered security tools, able to articulate use cases and functionality, as well as provide training to other employees
- Develop and showcase security tool coverage gap analyses and dashboards
The Senior Analyst will have hands-on experience in one or more general IT and specific Information Risk & Security areas to provide guidance to other IT personnel:
- Advanced Threat Protection solutions and Anti Malware
- Endpoint Security
Minimum education and work experience required for this position include:
- At least 5 years of IT industry experience, preferably in a financial services organization.
- Minimum of 3 recent years in threat management.
- Extensive knowledge and hands-on experience threat protection solutions
- Knowledge of regular expressions and at least one common scripting language (e.g. PERL, Python, PowerShell).
- BS or BA degree, preferably in technology.
- Relevant certifications such as GCIH, GCFE, GCFA, or CISSP are considered a plus.
- Interpersonal, organizational, and problem-solving skills, including a demonstrated ability to work effectively both independently and in a team or collaborative environment
- Creativity, analytical skills, and technical expertise
- Ability to think with a security mindset. The successful candidate has a strong IT background with knowledge of multiple relevant security practice areas (anti-malware solutions, threat protection solutions network security; monitoring; endpoint, etc.)
- Extensive knowledge of security tools which perform functions such as intrusion detection and prevention (IDS/IPS), software deployment, and log archiving
- Experience in correlating malware infections with attack vectors to determine the extent of security and data compromise
- Ability to work in a time-sensitive environment; must be detail oriented and able to multitask.
Experience in large, geographically diverse enterprise networks
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email firstname.lastname@example.org.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.