Information Security Engineer
The Position: The Information Security Engineer will evaluate Morningstar infrastructure and internally developed applications to identify vulnerabilities and potential short- and long-term solutions. This individual will assist in maintaining Morningstar’s security posture by managing security solutions including Splunk, identity and access management, password vaulting, web filtering, antivirus, endpoint encryption, and vulnerability management. They will assist with penetration testing and security architecture reviews. They will be responsible for monitoring and responding to critical security events. This position is based in our Chicago office.
Responsibilities:
+ Automate and integrate security tools and activities
+ Understand and help execute information security program goals
+ Monitor and manage security alerts from key information security dashboards (IDS, antivirus, centralized logging, etc)
+ Perform malware investigation
+ Provide security remediation advice and training to technical personnel
+ Develop and enhance internal security processes, programs and procedures
+ Conduct risk assessments, threat modeling, privacy assessments and information security reviews on internal Morningstar systems, applications and platforms
+ Identify network and middleware security vulnerabilities, understand risk, and offer resolution advice
+ Work directly with internal business units to communicate risk and help resolve open vulnerabilities
+ Defining cloud security policies, procedures, solutions
+ Review / audit firewall changes
Requirements:
+ We’re looking for someone who enjoys solving puzzles, diagnosing problems, and building solutions
+ Excellent communication skills and an understanding of network security fundamentals.
+ Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing architecture reviews and penetration test activities
+ Experience with network security tools, network traffic analyzers, NMap, Rapid7 and PaloAlto
+ An understanding of PowerShell, Python, Perl, and other scripting languages is preferred
+ Splunk experience is preferred