Senior Application Security Architect

7 Months ago • 5 Years + • Cyber Security

Job Summary

Job Description

Senior Application Security Architect with 5+ years of experience in development or security, strong understanding of software development, architecture, and application security. Must have experience in threat modeling, security architecture reviews, and secure coding guidelines.
Must have:
  • Application Security
  • Threat Modeling
  • Security Architecture
  • Secure Coding
Good to have:
  • Authentication Models
  • Cloud Environments
  • Vulnerability Management
  • Development Experience
Perks:
  • Hybrid Work
  • Global Collaboration

Job Details

The Team:

The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

The Role:
The Senior Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar’s product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar’s security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance, requirements setting, and review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling. The position will be based in our Chicago or Toronto office.

We follow a hybrid policy of 3 days onsite and 2 days remote work.

Job Responsibilities:

  • Collaborate with development teams across the organization to secure products
  • Contribute to secure reference architectures and patterns for all product teams to leverage
  • Develop, maintain, and communicate future and current product security initiatives
  • Develop and enhance internal security processes, programs, and procedures
  • Conduct risk assessments, threat modeling, and product security reviews on Morningstar systems
  • Work directly with internal business units to communicate risk, provide security remediation advice, and deliver education as needed.
  • Document secure coding guidelines and assist execution by internal development personnel
  • Identify web/mobile/api application security vulnerabilities and offer remediation advice

Qualifications:

  • A bachelor’s degree and 5+ years’ experience in a development or software security / penetration testing role, or equivalent experience
  • We are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
  • Excellent communication skills and a strong understanding of software development, architecture, and application security
  • An ability to improve system development security across diverse technical teams and technologies
  • Strong understanding of risk management and the real-world impacts of architectural decisions
  • Experience architecting and deploying applications securely in cloud environments

Nice to have:

  • Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
  • Prior development experience preferred
  • Vulnerability management experience preferred

 

100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.

Similar Jobs

Microsoft - Software Engineer II/Senior Software Engineer - CTJ - POLY

Microsoft

Redmond, Washington, United States (On-Site)
1 Week ago
Saviynt - Technical Lead, Professional Services - NA

Saviynt

Bengaluru, Karnataka, India (Hybrid)
6 Months ago
Rackspace Technology - SOC Analyst L2

Rackspace Technology

Gurugram, Haryana, India (Remote)
1 Month ago
Google - Senior Software Engineer, Security/Privacy

Google

Kirkland, Washington, United States (On-Site)
15 Hours ago
Britive - ENGINEERING MANAGER

Britive

Bengaluru, Karnataka, India (Remote)
5 Months ago
Rockstar Games - Security Architect

Rockstar Games

New York, New York, United States (On-Site)
4 Days ago
Fluence - Cybersecurity Engineer (m/f/d)

Fluence

Erlangen, Bavaria, Germany (Hybrid)
6 Months ago
On Location - Senior Security Manager, Milano-Cortina 2026 Olympic & Paralympic Games

On Location

Milan, Lombardy, Italy (On-Site)
2 Months ago
Google - Senior Staff Engineer, Security Defense Platforms

Google

Bengaluru, Karnataka, India (On-Site)
1 Week ago
Microsoft - Senior Software Engineer - Microsoft Defender For Endpoint

Microsoft

Tel Aviv-Yafo, Tel Aviv District, Israel (On-Site)
1 Week ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Google - Customer Engineer, Platform Security, Google Cloud

Google

Singapore (On-Site)
1 Week ago
Google - Senior Strategic Security Consultant (Government)

Google

Brussels, Brussels, Belgium (On-Site)
1 Week ago
Axinous - Principal Product Specialist

Axinous

San Jose, California, United States (Hybrid)
5 Months ago
PwC - ETIC, Cybersecurity Cloud Security - Manager

PwC

Cairo, Cairo Governorate, Egypt (On-Site)
7 Months ago
ByteDance - Security Engineer (Penetration Tester) - Security Assurance

ByteDance

Singapore (On-Site)
5 Months ago
Britive - SENIOR SOFTWARE ENGINEER

Britive

San Francisco, California, United States (Remote)
5 Months ago
PwC - Data Protection Expert

PwC

Prague, Prague, Czechia (Hybrid)
5 Months ago
Nagarro - Staff Engineer - DevOps Site Reliability

Nagarro

Colombia (Remote)
2 Months ago
ION - Senior DevSecOps Engineer, Italy

ION

London, England, United Kingdom (On-Site)
6 Months ago
Britive - SENIOR QA ENGINEER

Britive

Bengaluru, Karnataka, India (Remote)
5 Months ago

Get notifed when new similar jobs are uploaded

Jobs in Chicago, Illinois, United States

Wolters Kluwer - Customer Success Associate

Wolters Kluwer

Dallas, Texas, United States (Hybrid)
7 Months ago
The Walt Disney Company - Disney Store Sales Associate (Part-Time)

The Walt Disney Company

South Carolina, United States (On-Site)
2 Weeks ago
Insomniac Games - Senior Visual Effects Artist

Insomniac Games

United States (Remote)
1 Month ago
InMobiInMobi - Manager, Client Development

InMobiInMobi

New York, New York, United States (On-Site)
3 Months ago
Onward Search - UX/UI Designer (Native Mobile App)

Onward Search

North Andover, Massachusetts, United States (Remote)
1 Week ago
Epic Games - Technical Animation Lead

Epic Games

Cary, North Carolina, United States (On-Site)
1 Week ago
The Walt Disney Company - Senior Manager, DET Marketing Analytics & Reporting

The Walt Disney Company

Santa Monica, California, United States (On-Site)
1 Month ago
Netflix - Sales Operations Senior Associate - Revenue Analytics & Insights

Netflix

New York, New York, United States (On-Site)
1 Week ago
WebFX - Jr. Digital Public Relations Specialist

WebFX

Harrisburg, Pennsylvania, United States (On-Site)
6 Months ago
Netflix - Manager, Broadcast Operations & Transmission

Netflix

Los Angeles, California, United States (On-Site)
2 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Google - Customer Engineer, Data Analytics, Google Cloud

Google

Portland, Oregon, United States (On-Site)
15 Hours ago
PwC - IT Audit Senior Manager

PwC

Bangkok, Bangkok, Thailand (On-Site)
7 Months ago
ByteDance - Senior Software Engineer - Network Security

ByteDance

San Jose, California, United States (On-Site)
2 Weeks ago
ByteDance - Technical Program Manager, Security Engineering

ByteDance

Singapore (On-Site)
1 Week ago
Google - Technical Program Manager, Physical Security Technology

Google

Austin, Texas, United States (On-Site)
1 Week ago
ByteDance - Executive Protection Specialist

ByteDance

Singapore (On-Site)
1 Month ago
ByteDance - Senior Technology Internal Auditor (Global Technology Audit)

ByteDance

Singapore (Hybrid)
2 Weeks ago
Netflix - Security Engineering, Security Incident Response

Netflix

Warsaw, Masovian Voivodeship, Poland (On-Site)
3 Months ago
Google - Senior Software Engineer, Security/Privacy, Google Cloud Platforms

Google

New York, New York, United States (On-Site)
1 Week ago
ByteDance - Executive Protection Specialist

ByteDance

Singapore (On-Site)
2 Months ago

Get notifed when new similar jobs are uploaded

About The Company

Chicago, Illinois, United States (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

New York, New York, United States (Hybrid)

Chicago, Illinois, United States (Hybrid)

Chicago, Illinois, United States (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

View All Jobs

Get notified when new jobs are added by Morning Star

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug