About the role:
We are seeking a Lead Security Engineer to help drive our security detection and response efforts. In this role, you will be responsible for designing, implementing, and improving security monitoring, automation, and response capabilities. You will work closely with security engineers, analysts, and cross-functional teams to strengthen our security posture.
This position is based in our Toronto office. We follow a hybrid policy of 3 days onsite and 2 days remote work.
Key Responsibilities
- Lead security detection and response initiatives, ensuring effective threat monitoring, investigation, and mitigation.
- Develop and maintain security detections across SIEM, SOAR, and EDR platforms.
- Architect and optimize security automation workflows to enhance threat response efficiency.
- Collaborate with our in-house SOC and IT teams to refine detection and preventative capabilities and reduce false positives.
- Research and implement new security technologies and best practices to enhance monitoring and response effectiveness.
- Perform security assessments, tuning detection rules, and developing playbooks for security incidents.
- Mentor junior engineers and contribute to security strategy and roadmap planning.
Requirements
- 5+ years of hands-on experience in security engineering, threat detection, and response.
- Strong expertise with SIEM, SOAR, and EDR.
- Experience developing and tuning detections using logs, telemetry, and threat intelligence.
- Proficiency in scripting and automation (Python, PowerShell, Bash, etc.).
- Strong understanding of attack techniques (MITRE ATT&CK framework) and incident response methodologies.
- Ability to analyze security telemetry, investigate threats, and develop effective mitigation strategies.
- Excellent communication skills and ability to collaborate across teams.
Preferred Qualifications
- Experience with cloud security monitoring (AWS, Azure, GCP).
- Familiarity with security frameworks (NIST, CIS, ISO 27001).
- Certifications such as GIAC (GCDA, GCIH, GCFA), OSCP, CISSP, or relevant credentials.
If you are passionate about security, automation, and detection engineering, we'd love to hear from you! Apply today to be a part of our growing security team.
Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
Top Skills
What the Team is Saying
What We Do
At Morningstar, we believe in building great products in-house in a highly collaborative, agile environment where we focus on technical excellence, the user experience, and continuous improvement. Our technologists represent a range of skills and experience levels, but they all view their work as a craft and push technology’s boundaries.
Why Work With Us
Imagining big things is in our blood -- it's transformed us from a company with just a few employees in 1984 to a leading independent investment research company with a worldwide presence today. As of April 2020, we acquired Sustainalytics to drive long-term meaningful outcomes for investors in the ESG space. Join us on this exciting journey!
Gallery
Morningstar Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
