Senior Application Security Architect

7 Months ago • 5 Years + • Cyber Security

Job Summary

Job Description

Senior Application Security Architect with 5+ years of experience in development or security, strong understanding of software development, architecture, and application security. Must have experience in threat modeling, security architecture reviews, and secure coding guidelines.
Must have:
  • Application Security
  • Threat Modeling
  • Security Architecture
  • Secure Coding
Good to have:
  • Authentication Models
  • Cloud Environments
  • Vulnerability Management
  • Development Experience
Perks:
  • Hybrid Work
  • Global Collaboration

Job Details

The Team:

The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

The Role:
The Senior Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar’s product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar’s security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance, requirements setting, and review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling. The position will be based in our Chicago or Toronto office.

We follow a hybrid policy of 3 days onsite and 2 days remote work.

Job Responsibilities:

  • Collaborate with development teams across the organization to secure products
  • Contribute to secure reference architectures and patterns for all product teams to leverage
  • Develop, maintain, and communicate future and current product security initiatives
  • Develop and enhance internal security processes, programs, and procedures
  • Conduct risk assessments, threat modeling, and product security reviews on Morningstar systems
  • Work directly with internal business units to communicate risk, provide security remediation advice, and deliver education as needed.
  • Document secure coding guidelines and assist execution by internal development personnel
  • Identify web/mobile/api application security vulnerabilities and offer remediation advice

Qualifications:

  • A bachelor’s degree and 5+ years’ experience in a development or software security / penetration testing role, or equivalent experience
  • We are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
  • Excellent communication skills and a strong understanding of software development, architecture, and application security
  • An ability to improve system development security across diverse technical teams and technologies
  • Strong understanding of risk management and the real-world impacts of architectural decisions
  • Experience architecting and deploying applications securely in cloud environments

Nice to have:

  • Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
  • Prior development experience preferred
  • Vulnerability management experience preferred

 

100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.

Similar Jobs

Google - Cloud Security Architect

Google

Kuwait City, Al Asimah Governate, Kuwait (On-Site)
2 Days ago
Saviynt - Technical Lead, Professional Services - NA

Saviynt

Bengaluru, Karnataka, India (Hybrid)
6 Months ago
ByteDance - Senior Product Manager - Cloud Security

ByteDance

Singapore (On-Site)
5 Months ago
Reltio - Senior Engineer

Reltio

Bengaluru, Karnataka, India (On-Site)
1 Day ago
ION - Senior DevSecOps Engineer, Italy

ION

Milan, Lombardy, Italy (On-Site)
6 Months ago
PwC - Consultant expérimenté cybersécurité | CDI | H/F

PwC

Neuilly-sur-Seine, Île-de-France, France (On-Site)
7 Months ago
Nexon - Security Compliance Analyst

Nexon

El Segundo, California, United States (Hybrid)
1 Month ago
ByteDance - Software Engineer, Global Payment Privacy & Security

ByteDance

San Jose, California, United States (On-Site)
1 Month ago
Google - Security Engineering Manager, Product Security Engineering, Cloud CISO

Google

Málaga, Andalusia, Spain (On-Site)
2 Weeks ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

Aryaka - Senior Sales Engineer

Aryaka

(Remote)
1 Month ago
PwC - Senior Associate - Assurance - Risk Assurance - IT Cyber

PwC

Jakarta, Jakarta, Indonesia (On-Site)
7 Months ago
Google - Technical Security Advisor, Cloud Security

Google

São Paulo, State Of São Paulo, Brazil (On-Site)
2 Weeks ago
Varonis  - Senior Product Marketing Manager

Varonis

United States (On-Site)
6 Months ago
Zinnia - Senior Cloud Security Engineer

Zinnia

Noida, Uttar Pradesh, India (Hybrid)
6 Months ago
Britive - SOFTWARE ENGINEER

Britive

Bengaluru, Karnataka, India (Remote)
5 Months ago
techholding - Cloud Practice Lead

techholding

(Remote)
1 Day ago
Whoop - Senior Information Security Engineer

Whoop

Boston, Massachusetts, United States (On-Site)
1 Month ago
Saviynt - Consultant, Professional Services, IAM/IGA

Saviynt

Bengaluru, Karnataka, India (Hybrid)
6 Months ago

Get notifed when new similar jobs are uploaded

Jobs in Chicago, Illinois, United States

The Walt Disney Company - Sr Machine Learning Engineer

The Walt Disney Company

Santa Monica, California, United States (On-Site)
5 Months ago
Singularity 6 - Senior Brand Manager

Singularity 6

United States (Hybrid)
5 Months ago
Google - Software Engineer III, Infrastructure, Google Cloud Data Management

Google

Seattle, Washington, United States (On-Site)
1 Week ago
Minted - Senior Brand Manager

Minted

San Francisco, California, United States (Hybrid)
2 Weeks ago
Sphere Entertainment Co - Motion Graphics Compositor

Sphere Entertainment Co

Burbank, California, United States (On-Site)
1 Month ago
Tekion Corp - Customer Support Engineer I (Fixed operations)

Tekion Corp

West Chester, Ohio, United States (On-Site)
19 Hours ago
GameJobs - Principal Software Engineer, Account Authentication

GameJobs

San Mateo, California, United States (On-Site)
1 Day ago
Landor - Music Production / Creative Intern

Landor

New York, New York, United States (On-Site)
1 Day ago
Twitch - Software Engineer II - iOS

Twitch

San Francisco, California, United States (On-Site)
5 Months ago
Genies - Lead Machine Learning Engineer, 3D Gen AI & Graphics

Genies

San Mateo, California, United States (On-Site)
1 Month ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

Google - Red Teaming and Threat Emulation Consultant

Google

New South Wales, Australia (On-Site)
2 Weeks ago
PwC - Endpoint Engineer - US Client (Olivos/Barracas)

PwC

Olivos, Buenos Aires Province, Argentina (On-Site)
5 Months ago
Redhorse Corp - Industrial Security Policy SME

Redhorse Corp

Arlington, Virginia, United States (On-Site)
5 Months ago
ION - Senior Security Architect

ION

Italy (On-Site)
6 Months ago
Rackspace Technology - SOC Analyst L3 (Sentinel is mandatory) - R-19060

Rackspace Technology

Gurugram, Haryana, India (Hybrid)
6 Months ago
Saviynt - Account Executive

Saviynt

Kansas City, Kansas, United States (Remote)
6 Months ago
PwC - Risk & Quality - Information Security Analyst- Associate - KSA

PwC

Riyadh, Riyadh Province, Saudi Arabia (On-Site)
5 Months ago
PwC - Senior Associate - Assurance - Risk Assurance - IT Cyber

PwC

Jakarta, Jakarta, Indonesia (On-Site)
7 Months ago
Google - Insider Risk Analyst

Google

Hyderabad, Telangana, India (On-Site)
2 Days ago
Google - Product Manager, Google Distributed Cloud, Compliance and Security

Google

Bengaluru, Karnataka, India (On-Site)
2 Weeks ago

Get notifed when new similar jobs are uploaded

About The Company

Chicago, Illinois, United States (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

New York, New York, United States (Hybrid)

Chicago, Illinois, United States (Hybrid)

Chicago, Illinois, United States (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

View All Jobs

Get notified when new jobs are added by Morning Star

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug