Senior Analyst – Threat & Vulnerability Management - New York - 16946BR

Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $4.4 billion in 2018, employs approximately 13,100 people worldwide and maintains a presence in 42 countries. Further information is available at
Moody’s Shared Services are the front line professionals including Finance, Technology, Legal, Compliance and Human Resources, that operationally support our business units. Exceptional Shared Services teams are vital to the international success of our business.


Moody’s Information Risk & Security is looking for a Senior Analyst of Threat & Vulnerability Management to join its growing organization. This position requires a strong technical background and experience in advanced threat protection solutions. Responsibilities include the security product management function, maintaining the security tools map, identifying gaps, and proposing solutions to address gaps and make improvements. Further responsibilities include working closely with platform engineering teams to integrate security monitoring tools in the network and server environment and owns relationships with third-party security monitoring vendors.

The successful candidate is very motivated has solid communication and organizational skills, able to multi-task to succeed and has the ability work independently and with minimal oversight. In addition, they may assist with the identification, implementation and support of technologies and procedures used to aid in the detection of new threats and mitigation activities.

The Moody’s Information Risk & Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Information Risk & Security team sets strategic direction for security within the organization and aligns with stakeholders throughout the company.

Job Description

  • Identify potential risks and threats to Moody’s an organization

  • Conduct all-source analysis and adversary targeting to identify, monitor, assess, and counter the threat posed by actors against Moody’s

  • Analyze, correlate and action on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and escalate to the Incident Response team

  • Manage the successful delivery of Information Security tool projects, by working directly with key business stakeholders, Moody’s Information Security & Risk teams, Moody’s IT and project teams

  • Conduct thorough and expeditious review of threat information from a wide range of intelligence sources and evaluate for inclusion in intelligence reports and threat hunting pipeline

  • Research and produce daily intelligence reports and coordinates the sharing of intelligence reports and information within the Information Risk and Security organization

  • Establish him/herself as the resident expert on the chosen and considered security tools, able to articulate use cases and functionality, as well as provide training to other employees

  • Develop and showcase security tool coverage gap analyses and dashboards


Minimum education and work experience required for this position include:

  • Minimum of 3 recent years in threat hunting, red teaming, incident response or security operations center (SOC).

  • Ability to perform full-cycle threat hunting activities and recommend mitigations or improvements which mature the overall security incident response process.

  • Knowledge of at least one common scripting language (Python, PowerShell, Go).

  • Experience with applying threat intelligence and ATP tactics, techniques and procedures to drive threat hunting processes and create detection rules.

  • Familiar with industry best practices for threat hunting and security operations in line with NIST Cybersecurity Framework (CSF) and MITRE ATT&CK.

  • Relevant certifications such as GCIH, GCFE, GCFA, or OSCP are considered a plus.

  • BS or BA degree, preferably in technology.

Key Competencies

  • Interpersonal, organizational, and problem-solving skills, including a demonstrated ability to work effectively both independently and in a team or collaborative environment

  • Creativity, analytical skills, and technical expertise

  • Ability to think with a security mindset. The successful candidate has a strong IT background with knowledge of multiple relevant security practice areas (anti-malware solutions, threat protection solutions network security; monitoring; endpoint, etc.)

  • Extensive knowledge of security tools which perform functions such as intrusion detection and prevention (IDS/IPS), software deployment, and log archiving

  • Experience in correlating malware infections with attack vectors to determine the extent of security and data compromise

  • Ability to work in a time-sensitive environment; must be detail oriented and able to multitask.

  • Experience in large, geographically diverse enterprise networks

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.

Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.