Cybersecurity Engineer (IAM) - Sailpoint

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Moody's (NYSE: MCO) is a global integrated risk assessment firm that empowers organizations to make better decisions. Our data, analytical solutions and insights help decision-makers identify opportunities and manage the risks of doing business with others. We believe that greater transparency, more informed decisions, and fair access to information open the door to shared progress. With over 11,000 employees in more than 40 countries, Moody's combines international presence with local expertise and over a century of experience in financial markets. Learn more at moodys.com.

Moody’s Shared Services are the front line professionals including Finance, Technology, Legal, Compliance and Human Resources, that operationally support our business units. Exceptional Shared Services teams are vital to the international success of our business.

Department

Moody’s Information Risk and Security

The Moody’s IT Risk Management team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company’s Cyber Security program. The IT Risk Management team sets strategic direction for IT risk and security globally and aligns with stakeholders throughout the organization.

Job Description

Moody’s IT Risk is looking for a Cybersecurity Engineer to join its growing organization. This is a challenging position requiring a strong background in security practice, Microsoft Active Directory, Azure Active Directory, Azure Automation, Identity and Access Management (IAM) tools and processes, Single Sign On (SSO) products and architectures, Identity Governance and Administration (IGA), and Privileged Access Management (PAM) solutions.

The Cybersecurity Engineer - Identity & Access Management - Sailpoint Engineer will participate in architectural design discussions, implementation, and administration of security tools and technologies. The ideal candidate is a strong hands-on subject matter expert that is comfortable working in a fast-paced enterprise environment. The candidate is also responsible for delivery of Information Security projects and for providing security-engineering support to other technical projects within the company. The job requires excellent organization skills and attention to detail so that requests are handled in a uniform manner, so that issues are properly documented for our auditors, and so that projects are delivered on time. The job requires a strong understanding of security platform infrastructure and associated security issues. The successful candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight.

Functional Responsibilities

• Assist in Application Onboarding with Sailpoint
• Assist in managing and maintaining Moody’s Identity Infrastructure.
• Assist in managing and maintaining the Active Directory infrastructure as it pertains to Identity management.
• Troubleshooting and support for Identity-related escalations from the help desk team.
• Assist in the design, development and execution of new products and initiatives.
• Create and update documentation including standard operating procedures, asset inventory and build documents.
• Communicate with other teams and stakeholders. Ability to work with other Moody’s technology teams and with vendors.
• Provide demonstrations and overviews of architecture and authentication flows.
• Keep the relevant Moody’s Information Security policies and procedures aligned with industry standards, technology best practices, as well as infrastructure and organizational changes.
• Contribute to the overall security strategy and future roadmap for our security posture.
• Assist other technical teams in resolution of security incidents and outages related to information security tools, including coordinating of information security resources and root cause analysis.
• Develop and oversee the execution of implementation and improvement plans.

Qualifications

Work experience required for this position include:

• Monitor and troubleshoot the Sailpoint production environment, including tomcat, aws mysql, load balancers, and certificates.
• Respond to incidents and requests related to Sailpoint issues and escalations.
• Coordinate with the Sailpoint development team to implement patches, upgrades, and enhancements.
• Perform root cause analysis and provide solutions for Sailpoint issues.
• Document and maintain the Sailpoint production support procedures and best practices.
• Experience implementing solutions with Sailpoint IIQ (LCM, Compliance Manger, etc)
• Experience on boarding applications with Sailpoint
• Experience with Java / Beanshell
• Experience scripting with Powershell, Python, etc.
• Experience coding SQL queries and stored procedures
• Experience with web services and APIs
• Experience tuning Sailpoint environments
• Strong writing and communication skills. Ability to create and maintain accurate and detailed guidelines and procedures.
• Hands-on experience with implementing identity solutions.
• Hands-on experience with supporting an identity and access management system integrated with target applications such as Salesforce, SAP, O365.
• Ability to interact directly with customers that do not have an IT background including key business stakeholders and clients.
• BS or BA degree, preferably in technology/business or equivalent.
• 3 to 7 years of experience working on IAM - Sailpoint, Azure AD

Key Competencies

• Ability to think with a security mindset. The successful candidate has a strong IT background with expert level knowledge of multiple relevant security practice areas (access control; application security; network security; vulnerability management; monitoring; endpoint, etc.).
• Extensive knowledge of security tools which perform functions such as identity and access management, file system auditing. A wide range of experience in these tools, from hands-on configuration and operation, to high level design and architecture is preferred.
• Understanding of Role Based Access Control, Governance and Access Certification.
• Strong knowledge of regulatory standards or control frameworks that govern Information Security practices such as NIST, SANS, SOX, PCI, and state and federal privacy laws.
• Knowledge of the evolution and market trends of the areas described above including the vendor and threat landscapes.
• Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
• Ability to mentor and guide other team members.
• Proven ability to work within a large enterprise that spans multiple continents, is governed by change management, and has a tiered support model.
• Proven ability to execute projects and initiatives within schedule and budget.
• Security tool gap analysis documentation; must be able to write and proof documents intended for technical and executive audiences.
• Ability to work in a time-sensitive environment; must be detail oriented and able to multitask to meet deadlines and company objectives.

#LI-SD1

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.