Incident Response Lead Incident Response Lead …

à Chicago, IL, États-Unis
CDI, Plein-temps
Soyez parmi les premiers à postuler
à Chicago, IL, États-Unis
CDI, Plein-temps
Soyez parmi les premiers à postuler
Incident Response Lead
Incident Response Lead Chicago/en-US/Americas/job/Chicago/Incident-Response-Lead_REQ-017003/apply

The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

The Role: The Information Security Incident Response Lead is responsible for the management, operation and direction of the incident response program, related process development, and improvement activities including security breach simulation exercises. This individual will perform and manage daily tasks associated with cyber incidents, investigations, threat intelligence, threat hunting, and simulation exercises. In addition, this individual will drive the development of new processes and procedures for gathering, handling, searching, and retrieving, digital and/or physical evidence concerning incidents. Ensure forensically sound procedures are documented. Provide guidance and assistance to the vulnerability threat management program. This individual will coordinate processes and collaborate with technology incident management, business continuity, disaster recovery, public cloud and product teams to ensure process continuity in planned simulation exercises to demonstrate cyber resilience in the event of a cyber-attack or breach. This position is based in our Chicago office.


  • Lead active investigations, respond to security incidents, and perform forensics on IT systems
  • Lead the Security Incident Response Team (SIRT) to employ strategy, standards, processes and technology to detect, respond and recover from security incidents and to limit the impact of any such occurrence
  • Guide/lead mitigation strategies for identified vulnerabilities and threats
  • Monitor, analyze, and tune Intrusion Detection Systems (IDS) to identify security issues for remediation
  • Assist with implementation of counter-measures or mitigating controls
  • Work on continuous proactive/reactive investigations and response activities/initiatives
  • Prepare incident reports of analysis methodology and results
  • Develop and maintain Incident Response capabilities in public cloud environments
  • Recognize potential, successful, and unsuccessful intrusion attempts and compromises thorough reviews and analyses of relevant event detail and summary information
  • Develop monthly reporting dashboards and metrics on incidents and response capabilities
  • Prepare executive summaries and conduct briefings on significant investigations
  • Execute, develop and document incident handling guides and processes
  • Analyze and tune security alerts and interpret events, as well as develop new alerts based on signatures and behavioral activities
  • Developing the security event simulation program and conduct security event table top exercises at the global level
  • Prioritizes events using existing tools to correlate data for the purposed of reducing false positives and detecting threat


  • A bachelors degree and 4+ years experience in a security operations, security engineering, security analyst or incident response role
  • Excellent communication skills and an understanding of application security fundamentals
  • Ability to work in a fast-paced collaborative environment
  • Strong analytical and problem-solving skills
  • In-depth knowledge and experience with Intrusion Detection Systems and Vulnerability Management Systems.
  • Experience with malware analysis and security incident response
  • Ability to work in a fast-paced collaborative environment
  • Experience with Network protocols (TCP/IP), network apps and services, sniffers, DLP, and understanding network security issues
  • Experience with Host/System security issues including identifying, analyzing and mitigating security vulnerabilities and weaknesses (malicious code, implementation flaws, hardening, etc.).
  • Experience maintaining incident records (writing threat and risk assessments).
  • Must have a genuine curiosity or passion for information security investigations


  • Experience with SOAR tools such as Demisto (Cortex XSOAR), Splunk Phantom, etc.
  • Relevant security certifications (CISSP, GIAC, Metasploit Pro, or CIPP)
  • Incident response or forensics consulting/in-house experience
  • Threat intelligence experience
  • Experience with Splunk
  • Experience with IR in public cloud environments
  • Experience deploying and using enterprise EDR products such asTanium, Cybereason, Crowdstrike, EnCase Cybersecurity, Fidelis, Damballa, FireEye, etc
  • Experience with intrusion prevention systems such as McAfee Network Security Manager, Sourcefire, or Palo Alto
001_MstarInc Morningstar Inc. Legal EntityPosted 3 Days AgoFull timeREQ-017003

How to Apply for a Job at Morningstar

Step 1

When you find a position you're interested in, click the 'Apply' button. Please fill out this form completely, attaching your resume and cover letter in the approved format. Read the job requirements carefully and make sure to attach writing or design samples as required. Applicants must submit their resume and other information through our corporate website to be considered for a job at Morningstar. No phone calls, please.

Step 2

You will receive an email notification to confirm that we've received your application.

Step 3

If you are called in for an interview, a representative from Morningstar will contact you to set up a date, time, and location. Be prepared for a rigorous interview process. To make sure you're a good fit for Morningstar and we're a good fit for you, we'll schedule time for you to meet with multiple staff members at all levels of the company. Expect to return for multiple interviews as part of the process. A representative from Morningstar will contact you with the results of your intervieweither with a job offer or to let you know our plans for the position.

Applicants With Disabilities Who Need Accommodation

Morningstar is committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please call +1 312 384-3900 or email and let us know the nature of your request and your contact information.

Please note:

  • We only accept calls from applicants who need accommodation related to a disability. Please, no calls with unrelated questions or requests.
  • Please be sure to include the title and location of the open position youre interested in when you leave a message.

US Applicants: Morningstar is an E-Verify program participant.

Learn more:

  • This Organization Participates in E-Verify (English) -
  • This Organization Participates in E-Verify (Spanish) -
  • Right to Work (English) -
  • Right to Work (Spanish) -
  • EEO is the Law:
  • Pay Transparency Notice:

Morningstar is strongly committed to creating and preserving equal opportunity for all employees and applicants. We make all employment decisionsincluding recruitment, hiring, compensation, training, promotion, transfer, discipline, termination, and other personnel matterswithout regard to race, color, ancestry, religion, sex, national origin, age, disability, protected veteran status, marital status, sexual orientation, genetic information, citizenship, gender identity and expression, parental status, or other legally protected characteristics or conduct.

Morningstar logo
Offres similaires
Plus d'offres