Cybersecurity Analyst – Digital Forensics & Incident Response (DFIR)

The Moody’s Cybersecurity team is looking for a Cybersecurity Analyst or Senior Cybersecurity Analyst to join its growing organization. This position requires a thorough understanding of Cybersecurity concepts, terminology and practise, with specialisation in Digital Forensics and Incident Response. The successful candidate possesses a curious mindset and is highly driven to learn and solve challenges. Solid written and verbal communication, organizational and relationship management skills are also key.
The Moody’s Cybersecurity team is responsible for helping the organization balance risk by aligning policies and procedures with Moody’s business requirements. The team is responsible for the development, enforcement and monitoring of security controls, policies and procedures, and for the delivery of security services. The Cybersecurity team sets strategic direction for security within the organization and aligns with stakeholders throughout the company.

The Cybersecurity Analyst or Senior Cybersecurity Analyst will be responsible for handling escalated cyber incidents and internal investigations which require a high level of technical analysis and coordination, such as network intrusions, invoice fraud and advanced malware infections. In addition, they may assist with the identification, implementation and support of technologies and procedures used to aid in the detection and prevention of new threats.

• Provide timely review and response of security events escalated by the SOC or reported by internal or external sources; determine if the event should invoke the Incident Response Plan.

• Provide on-call support for emergency or high severity issues.

• Perform forensic review of systems in response to incidents or investigations, providing timely and complete reports to management.

• Keep abreast of current security threats, events, technologies, vendors and other aspects of the cyber threat landscape. Propose changes or enhancements to our security posture where appropriate.

• Analyse, correlate and action on data from subscription and public cyber threat intelligence services, develop tactics to combat future threats, and invoke the Incident Response Plan if necessary.

• Communicate and escalate incidents to management in accordance with the Incident Response Plan.

• Work with third party threat intelligence firms and platforms to research and respond to incidents.

• Respond to Human Resources, Legal and Compliance investigation requests in a timely, cordial, and accurate manner.

• Write and test playbooks for common incident response scenarios.

• Participate in Cyber tabletop exercises to build muscle memory and practise for real-world inciden

• Desired: BSc or MSc degree, ideally in technology, computer science or cybersecurity.
• Certifications such as GCIH, GCFE, GCFA, GCTI, GSEC, Security+, Network+, CySA+, SSCP, BTL1, BTL2 are considered a plus.

• Minimum 1-2 years experience working in a similar Cybersecurity role.

• A solid understanding of fundamental cybersecurity and networking concepts and terminology; e.g. protocols, ports, processes, OWASP Top 10, common attack vectors, etc.

• A high-level understanding of the MITRE ATTACK Framework, CIS Controls, and NIST Cybersecurity Framework.

• Experience in digital forensics technology, procedures, and processes, as well as a solid understanding of the NIST Incident Handling Guidelines (800-61r2). Ability to talk confidently about each stage of the Cyber Incident Response Lifecycle.

• Hands-on experience with digital forensics tools and techniques, as well as log analysis platforms such as Splunk or Graylog.

• Ability to remain calm under pressure; maintain composure to follow process and be detail oriented.

• Strong written and oral communication skills, including the ability to interact directly with stakeholders at various levels that do not necessarily have a technical background.

• Excellent analytical and problem-solving skills; able to think outside the box and asking probing questions to help understand root cause and risk exposure.

• A passion for Cybersecurity with a strong desire to learn and develop your skills.

• A can-do attitude; being comfortable ‘wearing many hats’ and demonstrating focus and proactiveness to get the job done.