Security Engineer * Corporate Security and Security Operations

The Area:The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.The Role:The Information Security Engineer is responsible for helping secure Morningstar systems and maintain security monitoring solutions in partnership with our 24x7 SOC team. This individual will assist in maintaining Morningstar's security posture by managing security solutions including Splunk, password vaulting, web filtering, antivirus, and vulnerability management. They will assist with penetration testing and security architecture reviews. They will be responsible for detection engineering and security orchestration.This position is based in our Chicago office. We follow a hybrid policy of 3 days onsite and 2 days remote work.Responsibilities:Automate and integrate security tools and activitiesUnderstand and help execute information security program goalsCreate and tune security alerts from key information security dashboards (IDS, antivirus, centralized logging, etc)Able to assist with malware investigationProvide security remediation advice and training to technical personnelDevelop and enhance internal security processes, programs and proceduresConduct risk assessments, threat modeling, privacy assessments and information security reviews on internal Morningstar systems, applications and platformsIdentify network and middleware security vulnerabilities, understand risk, and offer resolution adviceWork directly with internal business units to communicate risk and help resolve open vulnerabilitiesDefining cloud security policies, procedures, solutionsRequirements:We're looking for someone who enjoys solving puzzles, diagnosing problems, and building solutionsExcellent communication skills and an understanding of network security fundamentals.Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing architecture reviews and penetration test activitiesExperience with network security tools, network traffic analyzers, NMap, Rapid7 and PaloAltoAn understanding of PowerShell, Python, Perl, and other scripting languages is preferredSplunk experience is preferred

#J-18808-Ljbffr