The successful candidate is very motivated, has solid communication and organizational skills, is able to multi-task to succeed, and has the ability to work independently with minimal oversight. In addition, they may assist with the identification, implementation and support of technologies and procedures used to aid in the detection of new threats and mitigation activities.
The Moody’s Information Risk & Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Information Risk & Security team sets strategic direction for security within the organization and aligns with stakeholders throughout the company.
Identify potential risks and threats to Moody’s as an organization
Conduct all-source analysis and adversary targeting to identify, monitor, assess, and counter the threat posed by actors against Moody’s
Analyze, correlate and action on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and escalate to the Incident Response team
Manage the successful delivery of Information Security tool projects, by working directly with key business stakeholders, Moody’s Information Security & Risk teams, Moody’s IT and project teams
Conduct thorough and expeditious review of threat information from a wide range of intelligence sources and evaluate for inclusion in intelligence reports and threat hunting pipeline
Research and produce daily intelligence reports and coordinate the sharing of intelligence reports and information within the Information Risk and Security organization
Establish him/herself as the resident expert on the chosen and considered security tools, able to articulate use cases and functionality, as well as provide training to other employees
Develop and showcase security tool coverage gap analyses and dashboards
Minimum education and work experience required for this position include:
Minimum of 3 recent years in threat hunting, red teaming, incident response or security operations center (SOC).
Ability to perform full-cycle threat hunting activities and recommend mitigations or improvements which mature the overall security incident response process.
Knowledge of at least one common scripting language (Python, PowerShell, Go).
Experience with applying threat intelligence and ATP tactics, techniques and procedures to drive threat hunting processes and create detection rules.
Familiar with industry best practices for threat hunting and security operations in line with NIST Cybersecurity Framework (CSF) and MITRE ATT&CK.
Relevant certifications such as GCIH, GCFE, GCFA, or OSCP are considered a plus.
BS or BA degree, preferably in technology.
Interpersonal, organizational, and problem-solving skills, including a demonstrated ability to work effectively both independently and in a team or collaborative environment
Creativity, analytical skills, and technical expertise
Ability to think with a security mindset. The successful candidate has a strong IT background with knowledge of multiple relevant security practice areas (anti-malware solutions, threat protection solutions, network security, monitoring, endpoint, etc.)
Extensive knowledge of security tools which perform functions such as intrusion detection and prevention (IDS/IPS), software deployment, and log archiving
Experience in correlating malware infections with attack vectors to determine the extent of security and data compromise
Ability to work in a time-sensitive environment; must be detail oriented and able to multitask.
Experience in large, geographically diverse enterprise networks
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.