Sr. Cybersecurity Engineer - Application Security

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. 

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Moody’s IT Risk department is looking for a Sr. Cybersecurity Engineer to join its growing organization. This is a challenging position requiring deep knowledge and experience with security standards, threat & vulnerability management, exploitation techniques, and secure development standards. The candidate should be motivated and willing to take on challenges, able to multi-task, collaborate, and have strong communication skills.

The Cybersecurity team is globally responsible for tracking security weaknesses, recommending improvements, and helping the company apply ever higher security standards. The job requires a concentrated and productive relationship with delivery and operation groups across the company.

Functional Responsibilities:

• Support dynamic/static testing using various tools, provide recommendations and guidance on mitigations and validate issue remediation.
• Maintain detailed evidence documentation throughout processes to support compliance obligations.
• Communicate software vulnerabilities and mitigation options to stakeholders that balance business agility with security.
• Partner with Developer teams to meet security objectives through training and integrating vendor solutions or building your own solutions into software development processes.
• Develop and implement vulnerability management strategies to identify, assess, and mitigate security risks across the organization.
• Collaborate with IT and engineering teams to integrate security best practices into the development and deployment processes.
• Facilitate conversations between vendors and delivery teams or other stakeholders.
• Establish policies & standards to guide developers to meet security requirements.
• Collaborate with colleagues from Cybersecurity Architecture & Assurance, Security Operations, and IT Development in the testing and remediation process, including resolution of issues stemming from risk assessments and third-party penetration testing.
• Demonstrate ability to prioritize and successfully manage competing work assignments in a time-sensitive environment.
• A high degree of initiative required with the ability to work independently or as part of a team.
• High level of personal integrity, and the ability to professionally handle confidential matters and project the appropriate level of urgency, judgment, and maturity.

Qualifications :

• Bachelor's in Computer Science or equivalent.
• 3+ years of experience in Application Security, Application Development, Secure SDLC, DevSecOps
• Relevant security certifications (technical/managerial)
• Knowledge of development and integration tools and technologies (e.g. CI/CD)
• Knowledge of test automation frameworks and how they integrate with SAST/DAST.
• Comfortable writing in at least 2 development/scripting languages (Java, .NET, Python, etc.)
• Passion for researching vulnerabilities, exploitation techniques, and industry trends/threats.

Technical Competencies:

• Background in web app development, sys admin, and/or code auditing strongly preferred
• Experience in the deployment and management of SAST/DAST tools and technologies.
• Deep understanding of web application security threats, exploits, and prevention
• Ability to triage, reproduce, recommend remediation, and implement fixes for vulnerabilities
• Practical applied knowledge of OWASP Top 10 and can confidently speak to all.
• Design and implement security practices and standards across web and cloud environments
• Threat modeling systems and applications and performing security reviews
• Identifying security risks and developing mitigation strategies
• Some experience or understanding of cloud and cloud security concepts
• Experience with containerized ecosystems a plus

Annual base salary gross: 58,400 EUR to 81,200 EUR. Applicable to Lithuania candidates: The base salary range represents the low and high end of the Moody’s salary range for this position. Actual salaries will vary and will be based on various factors, such as candidate’s qualifications, skills, and competencies. The salary is one component of Moody’s total compensation package for employees. Other rewards and benefits include the following: Medical, Personal Accident, Life Insurance and Time Off.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.

For more information on the Securities Trading Program, please refer to the STP Quick Reference guide on ComplianceNet

Please note: STP categories are assigned by the hiring teams and are subject to change over the course of an employee’s tenure with Moody’s.