Cloud Security Engineer

About the Role 

As a Cloud Security Engineer on the Cloud Services team, you will be supporting the creation/communication of our cloud security best practices across all product teams at Morningstar. The responsibility of the role is to support the information security roadmap and contribute to the delivery of secure systems, technical projects, and regulatory and risk requirements. This includes infosec framework, engineering new technologies, program optimization, vulnerability remediation, metrics reporting, performance analysis, and mitigating operational risk. The role is required to support complex project work efforts, perform advanced analyses, make near real-time decisions, collaborate with project/business/audit teams, issue documentation/reports, investigate cases or design solutions, adhere to architecture guides, engineer solutions to advance the infosec roadmap, remediate risk, offer solutions to teams, and coordinate implementing the solutions or apply standards/audits requirements to ensure security infrastructure and solutions/technologies implementation comply. 

This position is based in our Chicago office. We follow a hybrid policy of 3 days onsite and 2 days remote work.

Job Responsibilities:

• Security reviews for new products, technologies, and services 
• Secure design, architecture, and implementation 
• Influence decision-makers and stakeholders to achieve a consistently high security bar 
• Create security guidance and documentation 
• Aid in security projects (including security reviews, tool development, and creation of new security practices 
• Develop security tools and automation 
• Develop and deliver security training and outreach to internal development teams 

Qualifications:

• Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience 
• Minimum of 3 years of professional experience with any combination of at least 2 technical disciplines, including the following: cloud engineering, cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, authentication and authorization, network architecture, system administration, and systems engineering 
• Strong foundational knowledge across AWS, Microsoft Azure, and/or Google Cloud technology stack 
• Standardizing Azure/GCP and/or AWS Security Best practices, processes, and procedures 
• Building and operating automated security operations 
• Experience implementing AWS, Azure, and/or GCP via Infrastructure-as-Code 
• Experience scripting (i.e. Python, Bash, PowerShell, etc.) 
• Designing and advising against security requirements to support cloud migration efforts 
• Strong knowledge of industry trends in security technology. 
• Strong debugging and critical thinking skills.  
• Solid communication and documentation skills. 

Nice to Have:  

• Experience with CI/CD - deployment pipelines, automated build and configuration tools, infrastructure-as-code (such as Harness, Cloudbees, Terraform, CDK, ARM) 
• Networking and infrastructure skills. 
• Experience working with Wiz 
• Passion for staying current on trends and best practices in cloud/information security 

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.