Senior Analyst, Vulnerability Management

About The Role

• We are looking for a colleague to join our Global Security, Privacy, and Resilience Services team.
• The goal of the team is to support the entire global Morningstar business, break down silos between the different functional areas, and improve customer service for internal stakeholders.
• The role is responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks and partner with relevant stakeholders to support remediation operations.

Job Responsibilities

• Analyze technical vulnerabilities to determine the real impact to Morningstar systems. Review security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets.
• Provides technical vulnerability analysis and remediation options.
• Staff the Enterprise-wide vulnerability management program, collaborating with partners to coach and support remediation operations while providing technical guidance and tracking resolution progress.
• Give real, actionable remediation advice above and beyond what the tools and testers provide.
• Create reports related to vulnerability management KPIs.
• Generate detailed security reports and metrics to communicate risk status and remediation progress to key stakeholders.
• Assist with documenting and regularly reviewing relevant processes and procedures.
• Train, mentor and guide junior colleagues.

Qualifications

• Verbal and written English skills at a professional level.
• A bachelor’s degree in computer science or related field.
• Previous experience in information security (3+ years), with a minimum of 1 year in vulnerability management area.
• Knowledge of risk management processes.
• Previous experience with vulnerability assessment tools and techniques, vulnerability data sources, system threats and vulnerabilities.
• Basic understanding of attacker tactics, techniques, and procedures.
• Ability to understand code and configuration as it relates to security vulnerabilities.
• Capability to recognize and categorize types of vulnerabilities.
• Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
• Strong communication skills.
• Ability to teach, influence, and adapt as new information becomes available.
• Enthusiasm to learn and gain hands-on experience across different security domains.
• Commitment to working as part of team to deliver a significant and measurable impact on security vulnerability risk.

Nice to have

• Knowledge of encryption algorithms, tools and techniques.
• Knowledge of programming language structures and logic.
• Understanding of cybersecurity laws and regulations, models and frameworks.
• Experience with cyber defense and hardening tools and techniques.
• Previous experience in penetration testing tools, principles and practices.

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.