Skills

Communication Penetration Testing Risk Management Encryption Vulnerability Assessment Research Programming

Job Specifications

About The Role

We are looking for a colleague to join our Remediation Operations team. The role is responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks and partner with relevant stakeholders to support remediation operations.

Job Responsibilities

Analyze technical vulnerabilities to determine the real impact to Morningstar systems. Review security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets.
Provides technical vulnerability analysis and remediation options.
Staff the Enterprise-wide vulnerability management program, collaborating with partners to coach and support remediation operations while providing technical guidance and tracking resolution progress.
Give real, actionable remediation advice above and beyond what the tools and testers provide.
Create reports related to vulnerability management KPIs.
Generate detailed security reports and metrics to communicate risk status and remediation progress to key stakeholders.
Assist with documenting and regularly reviewing relevant processes and procedures.
Train, mentor and guide junior colleagues.

Qualifications

A bachelor’s degree in computer science or related field.
Previous experience in information security (3+ years), with a minimum of 1 year in vulnerability management area.
Knowledge of risk management processes.
Previous experience with vulnerability assessment tools and techniques, vulnerability data sources, system threats and vulnerabilities.
Basic understanding of attacker tactics, techniques, and procedures.
Ability to understand code and configuration as it relates to security vulnerabilities.
Capability to recognize and categorize types of vulnerabilities.
Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
Strong communication skills.
Ability to teach, influence, and adapt as new information becomes available.
Enthusiasm to learn and gain hands-on experience across different security domains.
Commitment to working as part of team to deliver a significant and measurable impact on security vulnerability risk.

Nice to have

Knowledge of encryption algorithms, tools and techniques.
Knowledge of programming language structures and logic.
Understanding of cybersecurity laws and regulations, models and frameworks.
Experience with cyber defense and hardening tools and techniques.
Previous experience in penetration testing tools, principles and practices.

Base Salary Compensation Range

$90,489.00-132,711.00

Incentive Target Percentage

12.5% Annual

Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.

100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity

About the Company

Morningstar, Inc. is a leading provider of independent investment insights in North America, Europe, Australia, and Asia. The Company offers an extensive line of products and solutions that serve a wide range of market participants, including individual and institutional investors in public and private capital markets, financial advisors and wealth managers, asset managers, retirement plan providers and sponsors, and issuers of fixed-income securities. Morningstar provides data and research insights on a wide range of invest... Know more