Security Engineer • Corporate Security and Security Operations
Chicago
Morningstar
Our independent research, ratings, and tools are helping people across the investing ecosystem write their own financial futures.The Area:
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role:
The Information Security Engineer is responsible for helping secure Morningstar systems and maintain security monitoring solutions in partnership with our 24x7 SOC team. This individual will assist in maintaining Morningstar’s security posture by managing security solutions including Splunk, password vaulting, web filtering, antivirus, and vulnerability management. They will assist with penetration testing and security architecture reviews. They will be responsible for detection engineering and security orchestration.
This position is based in our Chicago office. We follow a hybrid policy of 3 days onsite and 2 days remote work.
Responsibilities:
Automate and integrate security tools and activities
Understand and help execute information security program goals
Create and tune security alerts from key information security dashboards (IDS, antivirus, centralized logging, etc)
Able to assist with malware investigation
Provide security remediation advice and training to technical personnel
Develop and enhance internal security processes, programs and procedures
Conduct risk assessments, threat modeling, privacy assessments and information security reviews on internal Morningstar systems, applications and platforms
Identify network and middleware security vulnerabilities, understand risk, and offer resolution advice
Work directly with internal business units to communicate risk and help resolve open vulnerabilities
Defining cloud security policies, procedures, solutions
Requirements:
We’re looking for someone who enjoys solving puzzles, diagnosing problems, and building solutions
Excellent communication skills and an understanding of network security fundamentals.
Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing architecture reviews and penetration test activities
Experience with network security tools, network traffic analyzers, NMap, Rapid7 and PaloAlto
An understanding of PowerShell, Python, Perl, and other scripting languages is preferred
Splunk experience is preferred
001_MstarInc Morningstar Inc. Legal Entity
Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Antivirus Application security Cloud Compliance IDS Malware Monitoring Network security Nmap Pentesting Perl PowerShell Privacy Python Risk assessment Scripting SOC Splunk Vulnerabilities Vulnerability management
Perks/benefits: Team events
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.