ABOUT SUSTAINALYTICS – a Morningstar company

Sustainalytics – a Morningstar company has been a leading independent provider of Environmental, Social and Governance (ESG) research for the last 25 years. Our insights are used by clients to make better informed investment decisions, engage with companies in relation to their business activities and drive change. Sustainalytics is a growing organization with 800 employees and 17 offices globally. In 2020, Sustainalytics joined Morningstar, a leading provider of independent investment research.

We have a flexible and supportive working culture and empower our employees to progress and develop quickly in an entrepreneurial environment.

Under COVID-19 circumstances, all Sustainalytics employees are now working from home. More than ever, ESG factors are critical to building a more ethical and sustainable global economy. Our teams need passionate colleagues to join us in delivering quality research products to our clients worldwide.

Our recruitment and selection process is continuing via phone or video meetings. New team members are onboarded and start their first day with the company from the safety of their homes.

We rely on virtual team meetings and management practices, as well as a remote buddy program, to support a smooth integration in our virtual offices.


The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information.

The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.


  • Identify network and middleware security vulnerabilities and offer resolution advice
  • Conduct risk assessments, threat modeling, privacy assessments and information security reviews on internal Sustainalytics systems, applications, and platforms
  • Work directly with internal business units to communicate risk and help resolve open vulnerabilities
  • Understand and help execute information security program goals
  • Monitor and manage security alerts from key information security dashboards (IDS, antivirus, EDR, centralized logging, etc.)
  • Perform malware investigations, penetration testing, and threat hunting
  • Participate in incident response activities
  • Automate and integrate security tools and activities
  • Provide security remediation advice and training to technical personnel
  • Develop and enhance internal security processes, programs, and procedures
  • Define cloud security policies, procedures, and solutions


  • 4+ years of information security experience
  • Experience with network security tools, network traffic analyzers, vulnerability management (e.g., Rapid7, Nessus, Qualys), and SOAR platforms (e.g., Splunk Phantom, Palo Alto XSOAR (Demisto))
  • An understanding of PowerShell, Python, Perl, or other scripting languages
  • Splunk experience
  • Experience with AWS services
  • Candidates should be interested in keeping up with the latest security trends, and enjoy performing code / architecture reviews and penetration test activities
  • CISSP or CEH certification is preferred


In keeping with our ongoing efforts to represent the diversity of our community, we strongly encourage people from diverse groups to apply. Sustainalytics is committed to providing accommodations for individuals with disabilities, upon request.

Sustainalytics thanks all applicants for their interest; however, only those applicants requested to participate in the interview process will be contacted.

Protecting your privacy while you are in contact with Sustainalytics is one of our fundamental commitments. Review our Privacy Policy to find out more about how we handle the personal data you provide us during the recruitment process.