At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are—with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody’s is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we’re advancing AI to move from insight to action—enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.

If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity. 

Role Overview

The Senior Cybersecurity Engineer will be the subject matter expert (SME) for securing both our enterprise SaaS applications and our AI/ML initiatives. This individual will work directly inside the existing AI & SSPM Team, ensuring seamless integration with established processes and contributing to define new process and expand the collective knowledge base. They will maintain the SSPM program (using platforms like CrowdStrike Falcon Shield) and pioneer the AI Security Architecture program, mitigating novel risks by evaluating, recommending, and enforcing secure AI system design patterns across the organization.

Key Responsibilities

1. AI Security Architecture & Pattern Recommendation (Team Focus)

• Team Contribution: Actively collaborate with and contribute specialized knowledge to the AI & SSPM Team on all AI security and architectural patterns.
• Secure Pattern Evaluation: Evaluate, define, and document robust AI security design patterns for common use cases (RAG, fine-tuning, external API tool usage) and integrate them into the team's security standards.
• Security Architecture Review: Lead security reviews of new and existing AI systems, recommending architectural controls to manage risks like data leakage, adversarial attacks, and inference manipulation.
• Context/Tool Security: Establish and enforce a comprehensive security and governance framework for all Model Context Protocol (MCP) servers and tool-use orchestration layers in collaboration with the SSPM team's expertise in Non-Human Identities (NHI) and API security.
• Guardrail Design: Design and implement pre- and post-processing filters/guardrails to effectively prevent Prompt Injection/Jailbreaks, PII/PHI leakage, and unauthorized function calls.

1. SaaS Security Posture Management (SSPM) (Team Focus)

• Platform & Strategy: Work within the AI & SSPM Team to design, deploy, and manage the SSPM platform (e.g., CrowdStrike Falcon Shield).
• Compliance Enforcement: Develop and enforce security baselines and configuration standards for major SaaS applications, leveraging the team's tooling and reporting to meet regulations (e.g., GDPR, SOC 2).
• Identity & Remediation: Collaborate with team members to lead efforts to identify and remediate configuration drifts and excessive Non-Human Identity (NHI) permissions.

1. MLSecOps Integration

• Lifecycle Integration: Collaborate with MLOps and Data Science teams to embed security controls into the entire machine learning lifecycle (data ingestion, model training, deployment, and monitoring).
• Threat Modelling: Lead advanced threat modeling sessions specifically tailored for AI/ML systems and their complex data/tool dependencies.

Required Qualifications & Skills

1. Experience:

• Minimum of 5+ years in cybersecurity, with at least 2+ years focused on security architecture, cloud security, or AI/ML security.
• Demonstrated experience in defining, implementing, and documenting secure architectural patterns for production-grade AI/ML systems.
• Proven, hands-on experience implementing and managing an enterprise SSPM platform (e.g., CrowdStrike Falcon Shield).
• Prior experience working effectively as part of a dedicated, cross-functional security engineering team.

1. Technical Expertise:

• Deep, practical knowledge of current AI security patterns and best practices (e.g., securing RAG pipelines, defensive prompting, secure model hosting).
• Expertise in securing the Agent Loop, including securing Model Context Protocol (MCP) servers and tool orchestration.
• Strong background in Cloud Security Architecture (e.g., AWS, Azure, or GCP) and IAM principles as they apply to both SaaS and AI services.
• Proficiency in scripting/programming (Python preferred) for security automation and developing security tooling/plugins for AI models.

1. Soft Skills:

• Exceptional analytical, strategic thinking, and pattern recognition skills to apply existing security knowledge to novel AI domains.
• Strong collaboration skills and ability to drive security initiatives and share knowledge within a high-performing security engineering team.
• Critical Thinking and Innovation, proactive to challenge existing processes and propose alternative solutions.
• Provide multiple solutions or mitigation strategies when faced with problems.
• Communicate clearly with both technical and non-technical colleagues.

1. Risk Management

• Prioritise security above all other tasks and ensure assigned work does not require follow-ups.

1. Certifications (Preferred):

• Relevant security architecture and cloud certifications such as CISSP-ISSAP, CCSP, CCSK, or specialized AI/ML security certifications.

Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.

Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.