Sr Cybersecurity Engineer - Red Team

At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody’s is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we’re advancing AI to move from insight to action—enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Skills and Competencies

• Strong knowledge of offensive security testing methodologies; including operating system, software and web application vulnerabilities and exploitation techniques.
• Strong understanding of networking fundamentals (OSI layers, protocols, etc.), and Windows and Linux operating systems.
• Strong knowledge of, and experience with, commercial or open-source offensive security tools, as well as at least one scripting language (e.g. Python, Perl, PowerShell).
• Security experience in Cloud-based environments and technologies such as Amazon Web Services, Azure or GCP.
• Excellent verbal and written communication skills; articulate and visually present technical information to a non-technical audience, build lasting relationships with stakeholders.
• Ability to work independently within minimal supervision; timely and accurate delivery of assigned tasks, seeks help from peers or supervisor(s) as and when required.
• Ability to work in a time-sensitive environment; must be detail oriented and able to prioritize accordingly to meet deadlines and company objectives.
• Basic understanding of artificial intelligence concepts, with curiosity and enthusiasm for learning how AI tools can be used to improve processes and drive efficiency.
• Interest in exploring AI systems and a willingness to develop awareness of responsible AI practices, including risk management and ethical use. 
• Experience in security assessment methodologies (e.g., OWASP Top Ten, NIST Cybersecurity Framework), offensive testing tools, and resiliency testing techniques to evaluate and strengthen the organization’s defences.

Education 

• Desired: BS or BA degree, preferably in Information Security, Computer Science or equivalent.
• Relevant certifications such as SANS (GPEN, GXPN, GWAPT, GCPN), TCM Security (PNPT, PJPT), Offensive Security (OSCP, OSCE), or equivalent are considered a plus.
• 3-5 years working experience in a related cyber security role. 

Responsibilities

The Cybersecurity Senior Engineer – Red Team will simulate real-world cyberattacks to test defences, uncover vulnerabilities, and strengthen organisational security posture.

• Support the Red Team Lead with day-to-day operations and strategy for the team, take end-to-end ownership of red team engagements (with guidance and support as needed).
• Build and maintain offensive security infrastructure for both continuous testing and unannounced exercises.
• Development of tooling to support the red team in operations and automated testing capabilities. 
• Contribute to maintaining Moody’s external security posture by conducting independent internal bug hunting / bounty across the enterprise.
• Perform technical security testing to assess and validate security posture and related risk; document and communicate findings to senior management.
• Maintain up-to-date knowledge of the cyber threat landscape, including emerging offensive security techniques; regularly produce situational awareness digests and suggest improvements to Moody’s security posture where relevant.
• Participate in cyber security projects and initiatives; provide technical expertise, operational support and testing (e.g. Threat Intelligence, Breach & Attack Simulation, Purple Teaming).
• Mentoring and coaching junior members of the team and the wider enterprise including customers and the cyber security group.
• Assist the Security Operations Centre (SOC) with enhancing capabilities, and the Cyber Incident Response Team (CIRT) with responding to cyber incidents, as required.

About the team

The Moody’s Red Team, part of the Cyber Threat Management division, emulates real-world adversaries to identify vulnerabilities, test defences, and strengthen our global security posture. We conduct controlled, intelligence-driven offensive operations and penetration testing to simulate advanced threat scenarios across Moody’s infrastructure. Joining our team in Edinburgh means working on cutting-edge engagements alongside Cybersecurity Engineering, Incident Response, and SOC teams, collaborating globally across the enterprise to safeguard Moody’s and its affiliates.

#LI-Hybrid

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.