Lead Security Engineer

About the role:

We are seeking a Lead Security Engineer to help drive our security detection and response efforts. In this role, you will be responsible for designing, implementing, and improving security monitoring, automation, and response capabilities. You will work closely with security engineers, analysts, and cross-functional teams to strengthen our security posture.

This position is based in our Toronto office. We follow a hybrid policy of 3 days onsite and 2 days remote work.

Key Responsibilities

• Lead security detection and response initiatives, ensuring effective threat monitoring, investigation, and mitigation.  
• Develop and maintain security detections across SIEM, SOAR, and EDR platforms.  
• Architect and optimize security automation workflows to enhance threat response efficiency.  
• Collaborate with our in-house SOC and IT teams to refine detection and preventative capabilities and reduce false positives.  
• Research and implement new security technologies and best practices to enhance monitoring and response effectiveness.  
• Perform security assessments, tuning detection rules, and developing playbooks for security incidents.  
• Mentor junior engineers and contribute to security strategy and roadmap planning.  

Requirements

• 5+ years of hands-on experience in security engineering, threat detection, and response.  
• Strong expertise with SIEM, SOAR, and EDR.  
• Experience developing and tuning detections using logs, telemetry, and threat intelligence.  
• Proficiency in scripting and automation (Python, PowerShell, Bash, etc.).  
• Strong understanding of attack techniques (MITRE ATT&CK framework) and incident response methodologies.  
• Ability to analyze security telemetry, investigate threats, and develop effective mitigation strategies.  
• Excellent communication skills and ability to collaborate across teams.  

Preferred Qualifications

• Experience with cloud security monitoring (AWS, Azure, GCP).  
• Familiarity with security frameworks (NIST, CIS, ISO 27001).  
• Certifications such as GIAC (GCDA, GCIH, GCFA), OSCP, CISSP, or relevant credentials.  

If you are passionate about security, automation, and detection engineering, we'd love to hear from you! Apply today to be a part of our growing security team.

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.