- New York, NY, USA
- Permanent, Full time
- 20 Aug 17
Location: New York, NY, USARole/Responsibilities:
Moody's Information Risk & Security is looking for a Cybersecurity Engineer - Operations to join its growing organization. This is a challenging position requiring a strong background in Information Security practice, deep knowledge of Information Security standards, best practices, technologies and processes, as well as solid communication and organization skills. The candidate is very motivated and willing to take on challenges, able to multi-task to succeed and has the ability work independently and with minimal oversight.
The Moody's Information Security team is responsible for helping the organization balance risk by aligning policies and procedures with Moody's business requirements. The team has global responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Cybersecurity team sets strategic direction for security within the organization and aligns with stakeholders throughout the company. The team is responsible for key programs including Cybersecurity Operations, Engineering, Patch and Vulnerability Management, Data Loss Prevention, Access Control, Threat Management, Security Monitoring and Incident Response.
The Senior Cybersecurity Engineer - Operations will maintain system health, configuration, perform changes, upgrades, patching and recommend new technologies, for Moody's cybersecurity systems such as firewalls, proxies, single sign-on, VPN, etc. The individual will also assist teams responsible for executing projects, providing guidance on how to integrate new technologies and solutions into the operational environment. The successful candidate will have a strong background in the areas of business process and service desk ticketing systems, security best practices standards (ISO, NIST, COBIT), and audit and regulatory frameworks such as SOX. Strong documentation skills are also crucial to being successful in this role.
- Function as lead Cybersecurity Operations engineer for several security systems (e.g. single sign-on, internet certificate issuance, endpoint anti-malware, endpoint encryption) and backup for other systems (firewall, VPN, content filtering, wireless network access). Maintain system health, monitoring, patch levels and vulnerability management, as well as end of life management.
- Assist in the maintenance of the Log Archiving (Splunk) platform. Work alongside the Splunk operations team, following up on incidents, designing and implementing enhancements, and providing reports to management which include meaningful metrics.
- Provide Cybersecurity operational support to infrastructure teams for upgrades and enhancements to current security technologies.
- Keeps abreast of current technologies in cybersecurity, making recommendations for changes or upgrades, enhancements and presenting proposals to management and other team members.
- Produce and maintain operational processes and procedures for use by all support personnel
- Work within current change management processes to apply system updates and patches, provide support for supported security tools.
- Remain up to date with current attack methods and characteristics in order to identify threats in support during incidents.
- Maintain and grow our current and future partner relationships.
- Carry out triage on raised incidents and support the incident management process.
- Maintain and align Moody's Information Security policies and standards with industry best practices and business needs.
Information Risk and Security
Minimum education and work experience required for this position include:
- Minimum of 2 plus years of experience in the IT industry and at least 1 year of experience in Information Security or closely related fields.
- Expertise in design documentation and tools, such as Microsoft Visio.
- BS or BA degree, preferably in technology/business or equivalent.
- Relevant certifications such as CISSP, CISM or PMP are a plus.
- Ability to think with a security mindset. The successful candidate has a strong IT background with expert level knowledge of a key security practice area: access control; application security; network security; monitoring; endpoint; etc.
- Understanding of regulatory standards that govern Information Security practices such as SOX, PCI, and state and federal privacy laws.
- Experience working with Microsoft Windows in an Active Directory environment, including group-based security and group policy.
- Knowledge of TCP/IP networking including basic firewall and packet filtering concepts.
- Experience with ISO-27002, NIST and/or SANS CSC aligned security program.
- Working knowledge of Splunk as both a user (searching, reporting, alerting) and an administrator.
- Experience with shell scripting or PowerShell a plus.
- Thinking with a security mindset. The successful candidate has a strong IT background with in depth knowledge of several key security practice areas: identity and access management; application security; audit and regulatory; security operations.
- Ability to maintain a high performing, motivated team, and adapt direction to accommodate changes in priorities.
- Process driven approach to managing security controls and customer touch points.
- Ability to analyze complex problems in a methodical manner and work through to resolution.
- Strong written and oral communication skills including the ability to interact directly with customers that do not have an IT background.
- Strong presentation skills involving large and of varying IT background audiences
- Proven ability to work within a large enterprise that spans multiple continents, is governed by change management and has a tiered support model.
Moody's is an essential component of the global capital markets, providing credit ratings, research, tools and analysis that contribute to transparent and integrated financial markets. Moody's Corporation (NYSE: MCO) is the parent company of Moody's Investors Service, which provides credit ratings and research covering debt instruments and securities, and Moody's Analytics, which offers leading-edge software, advisory services and research for credit and economic analysis and financial risk management. The Corporation, which reported revenue of $3.5 billion in 2015, employs approximately 10,400 people worldwide and maintains a presence in 36 countries. Further information is available atwww.moodys.com.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, sex, gender, age, religion, national origin, citizen status, marital status, physical or mental disability, military or veteran status, sexual orientation, gender identity, gender expression, genetic information, or any other characteristic protected by law. Moody's also provides reasonable accommodation to qualified individuals with disabilities in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please firstname.lastname@example.org.. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.
For San Francisco positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the San Francisco Fair Chance Ordinance. For New York City positions, qualified applicants with criminal histories will be considered for employment consistent with the requirements of the New York City Fair Chance Act. For all other applicants, qualified applicants with criminal histories will be considered for employment consistent with the requirements of applicable law.
Click here to view our full EEO policy statement.Click here for more information on your EEO rights under the law.
MIS and MSS Candidates are asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.