At Moody's, we unite the brightest minds to turn today's risks into tomorrow's opportunities. We do this by striving to create an inclusive environment where everyone feels welcome to be who they are, with the freedom to exchange ideas, think innovatively, and listen to each other and customers in meaningful ways. Moody's is transforming how the world sees risk. As a global leader in ratings and integrated risk assessment, we're advancing AI to move from insight to action, enabling intelligence that not only understands complexity but responds to it. We decode risk to unlock opportunity, helping our clients navigate uncertainty with clarity, speed, and confidence.
If you are excited about this opportunity but do not meet every single requirement, please apply! You still may be a great fit for this role or other open roles. We are seeking candidates who model our values: invest in every relationship, lead with curiosity, champion diverse perspectives, turn inputs into actions, and uphold trust through integrity.
Role Overview
The Senior Cybersecurity Engineer will be the subject matter expert (SME) for securing both our enterprise SaaS applications and our AI/ML initiatives. This individual will work directly inside the existing AI & SSPM Team, ensuring seamless integration with established processes, helping to define new processes, and expanding the collective knowledge base. They will maintain the SSPM program (using platforms like CrowdStrike Falcon Shield) and pioneer the AI Security Architecture program, mitigating novel risks by evaluating, recommending, and enforcing secure AI system design patterns across the organization.
Key Responsibilities
- AI Security Architecture & Pattern Recommendation (Team Focus)
  - Team Contribution: Actively collaborate with and contribute specialized knowledge to the AI & SSPM Team on all AI security and architectural patterns.
  - Secure Pattern Evaluation: Evaluate, define, and document robust AI security design patterns for common use cases (RAG, fine-tuning, external API tool usage) and integrate them into the team's security standards.
  - Security Architecture Review: Lead security reviews of new and existing AI systems, recommending architectural controls to manage risks like data leakage, adversarial attacks, and inference manipulation.
  - Context/Tool Security: Establish and enforce a comprehensive security and governance framework for all Model Context Protocol (MCP) servers and tool-use orchestration layers, in collaboration with the SSPM team's expertise in Non-Human Identities (NHI) and API security.
  - Guardrail Design: Design and implement pre- and post-processing filters/guardrails to effectively prevent Prompt Injection/Jailbreaks, PII/PHI leakage, and unauthorized function calls.
- SaaS Security Posture Management (SSPM) (Team Focus)
  - Platform & Strategy: Work within the AI & SSPM Team to design, deploy, and manage the SSPM platform (e.g. CrowdStrike Falcon Shield).
  - Compliance Enforcement: Develop and enforce security baselines and configuration standards for major SaaS applications, leveraging the team's tooling and reporting to meet regulations (e.g. GDPR, SOC 2).
  - Identity & Remediation: Collaborate with team members to lead efforts to identify and remediate configuration drifts and excessive Non-Human Identity (NHI) permissions.
- MLSecOps Integration
  - Lifecycle Integration: Collaborate with MLOps and Data Science teams to embed security controls into the entire machine learning lifecycle (data ingestion, model training, deployment, and monitoring).
  - Threat Modelling: Lead advanced threat modeling sessions specifically tailored for AI/ML systems and their complex data/tool dependencies.
Required Qualifications & Skills
- Experience:
  - Minimum of 5 years in cybersecurity, with at least 2 years focused on security architecture, cloud security, or AI/ML security.
  - Demonstrated experience in defining, implementing, and documenting secure architectural patterns for production-grade AI/ML systems.
  - Proven hands-on experience implementing and managing an enterprise SSPM platform (e.g. CrowdStrike Falcon Shield).
  - Prior experience working effectively as part of a dedicated, cross-functional security engineering team.
- Technical Expertise:
  - Deep practical knowledge of current AI security patterns and best practices (e.g. securing RAG pipelines, defensive prompting, secure model hosting).
  - Expertise in securing the Agent Loop, including securing Model Context Protocol (MCP) servers and tool orchestration.
  - Strong background in Cloud Security Architecture (e.g. AWS, Azure, or GCP) and IAM principles as they apply to both SaaS and AI services.
  - Proficiency in scripting/programming (Python preferred) for security automation and developing security tooling/plugins for AI models.
- Soft Skills:
  - Exceptional analytical, strategic thinking, and pattern recognition skills to apply existing security knowledge to novel AI domains.
  - Strong collaboration skills and ability to drive security initiatives and share knowledge within a high-performing security engineering team.
  - Critical Thinking and Innovation: proactive in challenging existing processes and proposing alternative solutions.
  - Provide multiple solutions or mitigation strategies when faced with problems.
  - Communicate clearly with both technical and non-technical colleagues.
- Risk Management
  - Prioritise security above all other tasks and ensure assigned work does not require follow-ups.
- Certifications (Preferred):
  - Relevant security architecture and cloud certifications such as CISSP-ISSAP, CCSP, CCSK, or specialized AI/ML security certifications.
Moody's is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status, sexual orientation, gender expression, gender identity, or any other characteristic protected by law.
Candidates for Moody's Corporation may be asked to disclose securities holdings pursuant to Moody's Policy for Securities Trading and the requirements of the position. Employment is contingent upon compliance with the Policy, including remediation of positions in those holdings as necessary.
Required Experience:
Senior IC