Senior Analyst, Vulnerability Management

About The Role

• We are looking for a colleague to join our Global Security, Privacy, and Resilience Services team.
• The goal of the team is to support the entire global Morningstar business, break down silos between the different functional areas, and improve customer service for internal stakeholders.
• The role is responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks and partner with relevant stakeholders to support remediation operations.

Job Responsibilities

• Analyze technical vulnerabilities to determine the real impact to Morningstar systems. Review security vulnerabilities across a variety of technologies and environments to determine high risk vulnerabilities to business assets.
• Provides technical vulnerability analysis and remediation options.
• Staff the Enterprise-wide vulnerability management program, collaborating with partners to coach and support remediation operations while providing technical guidance and tracking resolution progress.
• Give real, actionable remediation advice above and beyond what the tools and testers provide.
• Create reports related to vulnerability management KPIs.
• Generate detailed security reports and metrics to communicate risk status and remediation progress to key stakeholders.
• Assist with documenting and regularly reviewing relevant processes and procedures.
• Train, mentor and guide junior colleagues.

Qualifications

• Verbal and written English skills at a professional level.
• A bachelor's degree in computer science or related field.
• Previous experience in information security (3+ years), with a minimum of 1 year in vulnerability management area.
• Knowledge of risk management processes.
• Previous experience with vulnerability assessment tools and techniques, vulnerability data sources, system threats and vulnerabilities.
• Basic understanding of attacker tactics, techniques, and procedures.
• Ability to understand code and configuration as it relates to security vulnerabilities.
• Capability to recognize and categorize types of vulnerabilities.
• Understanding of enterprise-scale infrastructure, technologies, and applications, both on-premises and in the public cloud.
• Strong communication skills.
• Ability to teach, influence, and adapt as new information becomes available.
• Enthusiasm to learn and gain hands-on experience across different security domains.
• Commitment to working as part of team to deliver a significant and measurable impact on security vulnerability risk.

Nice to have

• Knowledge of encryption algorithms, tools and techniques.
• Knowledge of programming language structures and logic.
• Understanding of cybersecurity laws and regulations, models and frameworks.
• Experience with cyber defense and hardening tools and techniques.
• Previous experience in penetration testing tools, principles and practices.

Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
315_Sustainalytics SRL Legal Entity