Incident Response Lead
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Information Security Incident Response Lead is responsible for the management, operation and direction of the incident response program, related process development, and improvement activities including security breach simulation exercises. This individual will perform and manage daily tasks associated with cyber incidents, investigations, threat intelligence, threat hunting, and simulation exercises. In addition, this individual will drive the development of new processes and procedures for gathering, handling, searching, and retrieving, digital and/or physical evidence concerning incidents. Ensure forensically sound procedures are documented. Provide guidance and assistance to the vulnerability threat management program. This individual will coordinate processes and collaborate with technology incident management, business continuity, disaster recovery, public cloud and product teams to ensure process continuity in planned simulation exercises to demonstrate cyber resilience in the event of a cyber-attack or breach. This position is based in our Chicago office.
Responsibilities
- Lead active investigations, respond to security incidents, and perform forensics on IT systems
- Lead the Security Incident Response Team (SIRT) to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence
- Guide/lead mitigation strategies for identified vulnerabilities and threats
- Monitor, analyze, and tune Intrusion Detection Systems (IDS) to identify security issues for remediation
- Assist with implementation of counter-measures or mitigating controls
- Work on continuous proactive/reactive investigations and response activities/initiatives
- Prepare incident reports of analysis methodology and results
- Develop and maintain Incident Response capabilities in public cloud environments
- Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
- Develop monthly reporting dashboards and metrics on incidents and response capabilities
- Prepare executive summaries and conduct briefings on significant investigations
- Execute, develop and document incident handling guides and processes
- Analyze and tune security alerts and interpret events, as well as develop new alerts based on signatures and behavioral activities
- Developing the security event simulation program and conduct security event table top exercises at the global level
- Prioritizes events using existing tools to correlate data for the purposed of reducing false positives and detecting threat
Requirements
- A bachelor’s degree and 4+ years’ experience in a security operations, security engineering, security analyst or incident response role
- Excellent communication skills and an understanding of application security fundamentals
- Ability to work in a fast-paced collaborative environment
- Strong analytical and problem-solving skills
- In-depth knowledge and experience with Intrusion Detection Systems and Vulnerability Management Systems.
- Experience with malware analysis and security incident response
- Ability to work in a fast-paced collaborative environment
- Experience with Network protocols (TCP/IP), network apps and services, sniffers, DLP, and understanding network security issues
- Experience with Host/System security issues including identifying, analyzing and mitigating security vulnerabilities and weaknesses (malicious code, implementation flaws, hardening, etc.).
- Experience maintaining incident records (writing threat and risk assessments).
- Must have a genuine curiosity or passion for information security investigations
Preferred
- Relevant security certifications (CISSP, GIAC, Metasploit Pro, or CIPP)
- Incident response or forensics consulting/in-house experience
- Threat intelligence experience
- Experience with Splunk
- Experience with IR in public cloud environments
- Experience deploying and using enterprise EDR products such as Tanium, Crowdstrike, EnCase Cybersecurity, Fidelis, Damballa, FireEye, etc
- Experience with intrusion prevention systems such as McAfee Network Security Manager, Sourcefire, or Palo Alto
Morningstar is an equal opportunity employer.