Cybersecurity Engineer - Vulnerability Management

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody’s is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we’re advancing AI to move from insight to action—enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Skills and Competencies

• 3–5 years of cybersecurity engineering experience in an enterprise environment, with a focus on vulnerability management.
• Strong knowledge of security technologies, frameworks, and platforms such as Qualys and WIZ.
• Proven ability to ensure operational reliability and mitigate risk within global, team-based organizations.
• Excellent written and oral communication skills, including the ability to effectively engage with non-technical stakeholders.
• Demonstrated critical thinking skills and a proactive approach to problem-solving.
• Scripting experience (e.g., Python, PowerShell) is a plus for automating tasks and improving efficiency in vulnerability management.

Education

• BS or BA degree or relevant certifications, preferably in Information Systems, Computer Science, Computer Engineering or equivalent. 

Responsibilities

• Proactively identify and resolve risks while continuously improving and maintaining a clean environment (targeting 200+ hours/year). Strong knowledge of NIST, CVSS scoring, CWE, MITRE, OWASP, and CIS Benchmarks. Represent and document problem records generated by your work.
• Maintain a ticket closure rate above average, ensure tasks are resolved within 4 days on average, update tickets with relevant information at least twice a week, and avoid escalations or follow-ups.
• Double-check work to prevent chance-caused incidents (CCI) and prioritize security above all other tasks.
• Acknowledge and follow up on requests promptly, provide clear answers to technical and non-technical colleagues, and raise awareness of your contributions.
• Challenge existing processes, propose improvements, share knowledge, and take ownership of projects to support business enablement.
• Be visible, responsive, and reliable in all assigned tasks, ensuring high-quality output without requiring follow-ups.
• Document findings, search for solutions, and contribute to knowledge-sharing initiatives across the team.

About the team

The Cybersecurity team is globally responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business and regulatory requirements.  The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, disaster recovery programs, GRC (Governance, Risk and Compliance) reporting and the delivery of security services including the company’s Cyber Security program.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNet

Please note: STP categories are assigned by the hiring teams and are subject to change over the course of an employee’s tenure with Moody’s.