The successful candidate is very motivated has solid communication and organizational skills, able to multi-task to succeed and has the ability work independently and with minimal oversight. In addition, they may assist with the identification, implementation and support of technologies and procedures used to aid in the detection of new threats and mitigation activities.
The Moody’s Information Risk & Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Information Risk & Security team sets strategic direction for security within the organization and aligns with stakeholders throughout the company.
Identify potential risks and threats to Moody’s an organization
Conduct all-source analysis and adversary targeting to identify, monitor, assess, and counter the threat posed by actors against Moody’s
Analyze, correlate and action on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and escalate to the Incident Response team
Manage the successful delivery of Information Security tool projects, by working directly with key business stakeholders, Moody’s Information Security & Risk teams, Moody’s IT and project teams
Conduct thorough and expeditious review of threat information from a wide range of intelligence sources and evaluate for inclusion in intelligence reports
Research and produce daily intelligence reports and coordinates the sharing of intelligence reports and information within the Information Risk and Security organization
Establish him/herself as the resident expert on the chosen and considered security tools, able to articulate use cases and functionality, as well as provide training to other employees
Develop and showcase security tool coverage gap analyses and dashboards
The Senior Analyst will have hands-on experience in one or more general IT and specific Information Risk & Security areas to provide guidance to other IT personnel:
- Advanced Threat Protection solutions and Anti Malware
- At least 5 years of IT industry experience, preferably in a financial services organization.
- Minimum of 3 recent years in threat management.
- Extensive knowledge and hands-on experience threat protection solutions
- Knowledge of regular expressions and at least one common scripting language (e.g. PERL, Python, PowerShell).
- BS or BA degree, preferably in technology.
- Relevant certifications such as GCIH, GCFE, GCFA, or CISSP are considered a plus.
- Interpersonal, organizational, and problem-solving skills, including a demonstrated ability to work effectively both independently and in a team or collaborative environment
- Creativity, analytical skills, and technical expertise
- Ability to think with a security mindset. The successful candidate has a strong IT background with knowledge of multiple relevant security practice areas (anti-malware solutions, threat protection solutions network security; monitoring; endpoint, etc.)
- Extensive knowledge of security tools which perform functions such as intrusion detection and prevention (IDS/IPS), software deployment, and log archiving
- Experience in correlating malware infections with attack vectors to determine the extent of security and data compromise
- Ability to work in a time-sensitive environment; must be detail oriented and able to multitask.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law.