Moody’s Information Risk & Security is looking for a Senior Cybersecurity Analyst to join its growing organization. The Senior Cybersecurity Analyst will be responsible for handling, and escalation of, incidents which require highly technical analysis, such as network intrusions and advanced malware infections which have been identified by the Information Risk & Security team. In addition, they may assist with the identification, implementation and support of technologies and procedures used to aid in the detection of new threats and mitigation activities.
- • Analyze, correlate and action on data from subscription and public cyber intelligence services, develop tactics to combat future threats, and invoke the Incident Response Plan if necessary.
• Provide timely review of security alerts originating from any source, including managed security services, internal tools, and internal or external reporting.
• Analyze and respond to security events in alignment with the Incident Response Plan and its procedures.
• Perform forensic review of systems in response to incidents or investigations, providing timely and complete reports to management.
• Keep abreast of current security threats, events, technologies, vendors and other aspects of the cyber threat landscape. Propose changes or enhancements to our security posture where appropriate.
• Investigate security incidents and events, using SIEM and other tools; collect evidence and work with teams to isolate and/or remediate as necessary.
• Communicate and escalate incidents to management in accordance with the Incident Response Plan.
• Work with third party security monitoring firms to research and respond to incidents.
• Monitor security tools alerts for anomalous or suspicious activity; research alerts and make recommendations to remediate concerns.
• Respond to Electronic Discovery requests in a timely and accurate manner, as requested by the Human Resources, Legal and Compliance teams.
• Write playbook and standard operating procedure (SOP) documents.
- • Solid IT industry experience, preferably in a financial services organization.
• Relevant experience in direct incident management/handling.
• Extensive knowledge and hands-on experience with SIEM technologies and other forensics, evidence collection, and incident remediation tools.
• Knowledge of regular expressions and at least one common scripting language (e.g. PERL, Python, PowerShell).
• BS or BA degree, preferably in technology.
• Relevant certifications such as GCIH, GCFE, GCFA, or CISSP are considered a plus.
We have impact. So will you.
The views of each Moody’s employee matter and, collectively, those views contribute to our ability to serve credit-sensitive markets worldwide. Diverse opinions are encouraged and leverage the depth and breadth of experiences that our employees bring to work each day. We expect Moody’s employees to be accessible and collaborative and, in return, Moody’s offers a work environment that promotes intellectual curiosity, analytical rigor and collegiality. Our people and our environment uphold our core values of integrity, insight, intellectual leadership, inclusion and independence.
Moody’s is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity or any other characteristic protected by law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody’s Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.