Senior Analyst, Vulnerability Management

About the Role
We are looking for a colleague to join our Remediation Operations team. The role is responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks and partner with relevant stakeholders to support remediation operations.
Job Responsibilities

• Analyze technical vulnerabilities to determine the real impact to Morningstar systems. Review security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets.
• Provides technical vulnerability analysis and remediation options.
• Staff the Enterprise-wide vulnerability management program, collaborating with partners to coach and support remediation operations while providing technical guidance and tracking resolution progress.
• Give real, actionable remediation advice above and beyond what the tools and testers provide.
• Create reports related to vulnerability management KPIs.
• Generate detailed security reports and metrics to communicate risk status and remediation progress to key stakeholders.
• Assist with documenting and regularly reviewing relevant processes and procedures.
• Train, mentor and guide junior colleagues.

Qualifications

• A bachelor's degree in computer science or related field.
• Previous experience in information security (3+ years), with a minimum of 1 year in vulnerability management area.
• Knowledge of risk management processes.
• Previous experience with vulnerability assessment tools and techniques, vulnerability data sources, system threats and vulnerabilities.
• Basic understanding of attacker tactics, techniques, and procedures.
• Ability to understand code and configuration as it relates to security vulnerabilities.
• Capability to recognize and categorize types of vulnerabilities.
• Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
• Strong communication skills.
• Ability to teach, influence, and adapt as new information becomes available.
• Enthusiasm to learn and gain hands-on experience across different security domains.
• Commitment to working as part of team to deliver a significant and measurable impact on security vulnerability risk.

Nice to have

• Knowledge of encryption algorithms, tools and techniques.
• Knowledge of programming language structures and logic.
• Understanding of cybersecurity laws and regulations, models and frameworks.
• Experience with cyber defense and hardening tools and techniques.
• Previous experience in penetration testing tools, principles and practices.

Base Salary Compensation Range
$90,489.00-132,711.00
Incentive Target Percentage
12.5% Annual
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity