The Area:
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role:
The Information Security Engineer is responsible for helping secure Morningstar systems and maintain security monitoring solutions in partnership with our 24x7 SOC team. This individual will assist in maintaining Morningstar's security posture by managing security solutions including Splunk, password vaulting, web filtering, antivirus, and vulnerability management. They will assist with penetration testing and security architecture reviews. They will be responsible for detection engineering and security orchestration.
This position is based in our Chicago office. We follow a hybrid policy of 3 days onsite and 2 days remote work.
Responsibilities:
- Automate and integrate security tools and activities
- Understand and help execute information security program goals
- Create and tune security alerts from key information security dashboards (IDS, antivirus, centralized logging, etc)
- Able to assist with malware investigation
- Provide security remediation advice and training to technical personnel
- Develop and enhance internal security processes, programs and procedures
- Conduct risk assessments, threat modeling, privacy assessments and information security reviews on internal Morningstar systems, applications and platforms
- Identify network and middleware security vulnerabilities, understand risk, and offer resolution advice
- Work directly with internal business units to communicate risk and help resolve open vulnerabilities
- Defining cloud security policies, procedures, solutions
Requirements:
- We're looking for someone who enjoys solving puzzles, diagnosing problems, and building solutions
- Excellent communication skills and an understanding of network security fundamentals.
- Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing architecture reviews and penetration test activities
- Experience with network security tools, network traffic analyzers, NMap, Rapid7 and PaloAlto
- An understanding of PowerShell, Python, Perl, and other scripting languages is preferred
- Splunk experience is preferred
001_MstarInc Morningstar Inc. Legal Entity
Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
What We Do
At Morningstar, we believe in building great products in-house in a highly collaborative, agile environment where we focus on technical excellence, the user experience, and continuous improvement. Our technologists represent a range of skills and experience levels, but they all view their work as a craft and push technology’s boundaries.
Why Work With Us
Imagining big things is in our blood -- it's transformed us from a company with just a few employees in 1984 to a leading independent investment research company with a worldwide presence today. As of April 2020, we acquired Sustainalytics to drive long-term meaningful outcomes for investors in the ESG space. Join us on this exciting journey!
Gallery
Morningstar Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week.