Let's begin! Sr Cybersecurity Engineer Red Team

At Moodys we unite the brightest minds to turn todays risks into tomorrows opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they arewith the freedom to exchange ideas think innovatively and listen to each other and customers in meaningful ways. Moodys is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment were advancing AI to move from insight to actionenabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity helping our clients navigate uncertainty with clarity speed and confidence.

If you are excited about this opportunity but do not meet every single requirement please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship lead with curiosity champion diverse perspectives turn inputs into actions and uphold trust through integrity.

Skills and Competencies

• Strong knowledge of offensive security testing methodologies; including operating system software and web application vulnerabilities and exploitation techniques.
• Strong understanding of networking fundamentals (OSI layers protocols etc.) and Windows and Linux operating systems.
• Strong knowledge of and experience with commercial or open-source offensive security tools as well as at least one scripting language (e.g. Python Perl PowerShell).
• Security experience in Cloud-based environments and technologies such as Amazon Web Services Azure or GCP.
• Excellent verbal and written communication skills; articulate and visually present technical information to a non-technical audience build lasting relationships with stakeholders.
• Ability to work independently within minimal supervision; timely and accurate delivery of assigned tasks seeks help from peers or supervisor(s) as and when required.
• Ability to work in a time-sensitive environment; must be detail oriented and able to prioritize accordingly to meet deadlines and company objectives.
• Basic understanding of artificial intelligence concepts with curiosity and enthusiasm for learning how AI tools can be used to improve processes and drive efficiency.
• Interest in exploring AI systems and a willingness to develop awareness of responsible AI practices including risk management and ethical use.
• Experience in security assessment methodologies (e.g. OWASP Top Ten NIST Cybersecurity Framework) offensive testing tools and resiliency testing techniques to evaluate and strengthen the organizations defences.

Education

• Desired: BS or BA degree preferably in Information Security Computer Science or equivalent.
• Relevant certifications such as SANS (GPEN GXPN GWAPT GCPN) TCM Security (PNPT PJPT) Offensive Security (OSCP OSCE) or equivalent are considered a plus.
• 3-5 years working experience in a related cyber security role.

Responsibilities

The Cybersecurity Senior Engineer Red Team will simulate real-world cyberattacks to test defences uncover vulnerabilities and strengthen organisational security posture.

• Support the Red Team Lead with day-to-day operations and strategy for the team take end-to-end ownership of red team engagements (with guidance and support as needed).
• Build and maintain offensive security infrastructure for both continuous testing and unannounced exercises.
• Development of tooling to support the red team in operations and automated testing capabilities.
• Contribute to maintaining Moodys external security posture by conducting independent internal bug hunting / bounty across the enterprise.
• Perform technical security testing to assess and validate security posture and related risk; document and communicate findings to senior management.
• Maintain up-to-date knowledge of the cyber threat landscape including emerging offensive security techniques; regularly produce situational awareness digests and suggest improvements to Moodys security posture where relevant.
• Participate in cyber security projects and initiatives; provide technical expertise operational support and testing (e.g. Threat Intelligence Breach & Attack Simulation Purple Teaming).
• Mentoring and coaching junior members of the team and the wider enterprise including customers and the cyber security group.
• Assist the Security Operations Centre (SOC) with enhancing capabilities and the Cyber Incident Response Team (CIRT) with responding to cyber incidents as required.

About the team

The Moodys Red Team part of the Cyber Threat Management division emulates real-world adversaries to identify vulnerabilities test defences and strengthen our global security posture. We conduct controlled intelligence-driven offensive operations and penetration testing to simulate advanced threat scenarios across Moodys infrastructure. Joining our team in Edinburgh means working on cutting-edge engagements alongside Cybersecurity Engineering Incident Response and SOC teams collaborating globally across the enterprise to safeguard Moodys and its affiliates.

#LI-Hybrid

Moodys is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race color religion sex national origin disability protected veteran status sexual orientation gender expression gender identity or any other characteristic protected by law.

Candidates for Moodys Corporation may be asked to disclose securities holdings pursuant to Moodys Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy including remediation of positions in those holdings as necessary.