Job Details
Location(s):
- 7 World Trade Center, 250 Greenwich Street, New York, New York, 10007, US
- 1414 S Tryon Street, 7th Floor, The Railyard Floors 5-8, Charlotte, North Carolina, 28203, US
- 205 Detroit Street, 3rd Floor, Denver, Colorado, 80206, US
Line Of Business: CYBERSECURITY(CSG)
Job Category:
- Engineering & Technology
Experience Level: Experienced Hire
At Moody's, we unite the brightest minds to turn today’s risks into tomorrow’s opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are-with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways.
If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity.
Skills and Competencies
- Excellent verbal and written communication skills; articulate and visually present technical information to a non-technical audience, build lasting relationships with stakeholders.
- Excellent analytical and problem-solving skills; able to think outside the box and ask probing questions to identify root cause and risk exposure.
- An in-depth understanding of cyber security and networking concepts and terminology; e.g. protocols, ports, processes, OWASP Top 10, common attack vectors, etc.
- Conversational knowledge of cyber security and regulatory compliance frameworks and requirements (e.g. GDPR, SEC, CCPA, NIST CSF, ISO 27001, MITRE ATTACK and SOC2).
- Experience in digital forensics technology, procedures, and processes, and the ability to talk confidently about each stage of the Cyber Incident Response Lifecycle (NIST/SANS).
- Ability to work in a time-sensitive environment, remain calm under pressure, maintain composure, follow processes, and purposefully prioritize to meet deadlines.
- A can-do attitude; comfortable ‘wearing many hats’ and demonstrating focus and proactiveness to get the job done, with a strong desire to learn and teach others.
Education
- Desired: BS or MS degree, preferably in Technology, Computer Science or Cybersecurity.
- Required: 7+ years working in a similar role; experience in the following would be advantageous:
- a national CERT (e.g. CERT-UK, CERT-US, CERT-EU),
- the cyber division of a government entity (e.g. NCSC, ENISA, US Cyber Command, FBI Cyber Crime Unit, Secret Service Cyber Investigations Unit), or
- a consulting firm that offers proactive cybersecurity services in the area of cyber crisis management and incident response (e.g. CrowdStrike, Deloitte).
- Relevant certifications from GIAC (e.g. GCIH, GCFA, GFCE), ISC2 (e.g. CISSP, CCSP), ISACA (e.g. CISM) or other industry-recognized certification bodies considered a plus.
Responsibilities
You will analyze, lead and coordinate cyber incidents and investigations - particularly complex cases that are high-profile and have high visibility within the organization.
- Own the end-to-end cyber investigations lifecycle; deliver timely and accurate responses to security events or investigations escalated by internal or external sources.
- Think and act holistically; ensure all investigations are conducted with legal, regulatory and organizational implications and standards in mind.
- Deliver clear, useful, actionable insights from analysis of relevant data and logs; explore and connect related activity, current and historical, to provide a comprehensive response.
- Provide on-call support for emergency or high severity issues, communicate and handle incidents in accordance with the Incident Response Plan.
- Perform forensic review of systems in response to incidents or investigations, write and test playbooks for common scenarios, facilitate or participate in cyber tabletop exercises.
- Keep abreast of current security threats, events, technologies, vendors and other aspects of the cyber threat landscape; drive enhancements to our security posture as appropriate.
- Coordinate with partner teams to mature investigation processes and ensure swift communication and response during real-world cyber incidents and investigations.
- Maintain accurate and comprehensive documentation of investigation findings; prepare detailed reports to present to senior management and stakeholders.
- Be accountable for the delivery of departmental roadmap items, initiatives and objectives.
About the team
The Moody's Cybersecurity team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Cybersecurity team sets strategic direction for security within the organization and aligns with stakeholders throughout the company.
For US-based roles only: the anticipated hiring base salary range for this position is [[$184,100 - [[$266,900, depending on factors such as experience, education, level, skills, and location. This range is based on a full-time position. In addition to base salary, this role is eligible for incentive compensation. Moody’s also offers a competitive benefits package, including not but limited to medical, dental, vision, parental leave, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, a discounted employee stock purchase plan, and tuition reimbursement.
Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody’s also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email accommodations@moodys.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance.
This position may be considered a promotional opportunity, pursuant to the Colorado Equal Pay for Equal Work Act.
Click here to view our full EEO policy statement. Click here for more information on your EEO rights under the law. Click here to view our Pay Transparency Nondiscrimination statement. Click here to view our Notice to New York City Applicants.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.