Senior Information Security Engineer
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Senior Information Security Engineer will evaluate Morningstar infrastructure and internally developed applications to identify vulnerabilities and potential short- and long-term solutions. This individual will assist in maintaining Morningstar’s security posture by leveraging security solutions including Splunk, identity and access management, web filtering, antivirus, endpoint detection and response, and security orchestration, automation and response. They will assist with penetration testing and security architecture reviews. They will be responsible for monitoring and responding to critical security events. This role will also be responsible for leading security training sessions at both a technical and end-user level. This position is based in our Chicago office.
Responsibilities:
- Identify network and middleware security vulnerabilities and offer resolution advice
- Conduct risk assessments, threat modeling, privacy assessments and information security reviews on internal Morningstar systems, applications and platforms
- Work directly with internal business units to communicate risk and help resolve open vulnerabilities
- Understand and help execute information security program goals
- Monitor and manage security alerts from key information security dashboards (IDS, antivirus, EDR, centralized logging, etc)
- Perform malware investigation
- Automate and integrate security tools and activities
- Provide security remediation advice and training to technical personnel
- Develop and enhance internal security processes, programs and procedures
- Defining cloud security policies, procedures, solutions
Requirements:
- We’re looking for someone who enjoys solving puzzles, and diagnosing problems
- Excellent communication skills and an understanding of network security fundamentals.
- Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing code / architecture reviews and penetration test activities
- Experience with network security tools, network traffic analyzers, NMap, Rapid7, Demisto, and PaloAlto
- An understanding of PowerShell, Python, Perl, and other scripting languages is required
- 5 years of information security experience
- CISSP or CEH certification is preferred
- Splunk experience is preferred