Senior Application Security Architect

7 Months ago • 5 Years + • Cyber Security

Job Summary

Job Description

Secure Morningstar products by collaborating with dev teams. Develop secure reference architectures and patterns. Conduct risk assessments, threat modeling, and product security reviews. Must have strong communication skills and experience in software development, architecture, and application security.
Must have:
  • Application Security
  • Software Development
  • Risk Management
  • Threat Modeling
Good to have:
  • Authentication Models
  • Vulnerability Management
  • Cloud Environments
  • Prior Development
Perks:
  • Hybrid Work
  • Global Colleagues

Job Details

The Team:

The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

The Role:
The Senior Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar’s product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar’s security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance, requirements setting, and review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling. The position will be based in our Chicago or Toronto office.

We follow a hybrid policy of 3 days onsite and 2 days remote work.

Job Responsibilities:

  • Collaborate with development teams across the organization to secure products
  • Contribute to secure reference architectures and patterns for all product teams to leverage
  • Develop, maintain, and communicate future and current product security initiatives
  • Develop and enhance internal security processes, programs, and procedures
  • Conduct risk assessments, threat modeling, and product security reviews on Morningstar systems
  • Work directly with internal business units to communicate risk, provide security remediation advice, and deliver education as needed.
  • Document secure coding guidelines and assist execution by internal development personnel
  • Identify web/mobile/api application security vulnerabilities and offer remediation advice

Qualifications:

  • A bachelor’s degree and 5+ years’ experience in a development or software security / penetration testing role, or equivalent experience
  • We are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
  • Excellent communication skills and a strong understanding of software development, architecture, and application security
  • An ability to improve system development security across diverse technical teams and technologies
  • Strong understanding of risk management and the real-world impacts of architectural decisions
  • Experience architecting and deploying applications securely in cloud environments

Nice to have:

  • Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
  • Prior development experience preferred
  • Vulnerability management experience preferred

 

Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.

Similar Jobs

Salesforce - Director, Network Security Engineering

Salesforce

Bengaluru, Karnataka, India (On-Site)
7 Months ago
Netskope - Staff Engineer, Client

Netskope

Bengaluru, Karnataka, India (Remote)
7 Months ago
Trend Micro - Information Security Specialist – Intrusion Prevention

Trend Micro

Ottawa, Ontario, Canada (On-Site)
7 Months ago
Flutter International - Security Engineer III

Flutter International

Bengaluru, Karnataka, India (On-Site)
6 Months ago
Axinous - Senior Full Stack Engineer (Avalor)

Axinous

Tel Aviv-Yafo, Tel Aviv District, Israel (Hybrid)
5 Months ago
Google - Technical Solutions Engineer, Google Cloud Security

Google

Warsaw, Masovian Voivodeship, Poland (On-Site)
5 Months ago
Cyara - Senior Security Compliance Analyst

Cyara

Hyderabad, Telangana, India (Hybrid)
6 Months ago
Axinous - Principal Zero-Day Vulnerability Researcher

Axinous

San Jose, California, United States (Remote)
5 Months ago
PwC - Cybersecurity-Strategy Risk & Compliance-NIST-Senior Associate-Hyderabad

PwC

Hyderabad, Telangana, India (On-Site)
6 Months ago
PwC - IN-Senior Associate_GIS _Citizen  Services_Advisory _BANGALORE

PwC

Bengaluru, Karnataka, India (On-Site)
7 Months ago

Get notifed when new similar jobs are uploaded

Similar Skill Jobs

ION - Platform Security Analyst

ION

Pisa, Tuscany, Italy (On-Site)
6 Months ago
Axinous - Technical Account Manager

Axinous

Tokyo, Japan (Hybrid)
6 Months ago
Hitachi - Senior Offshore Azure Infrastructure - EST Shift

Hitachi

Pune, Maharashtra, India (On-Site)
6 Months ago
PwC - IN-Manager _ Control Testing _Internal audit services_ Advisory _Pune

PwC

Pune, Maharashtra, India (On-Site)
7 Months ago
Krafton  - [Infra Div.] Cloud Security Engineer (5년 이상)

Krafton

Seoul, South Korea (On-Site)
6 Months ago
Google - Technical Curriculum Developer, Security, Cloud Learning Services

Google

Cambridge, Massachusetts, United States (On-Site)
5 Months ago
Axinous - Senior Development Manager (C |Networking |Cloud Security)

Axinous

Bengaluru, Karnataka, India (Hybrid)
5 Months ago
Google - Senior Staff Software Engineer, Google Cloud Security and Privacy

Google

Sunnyvale, California, United States (On-Site)
5 Months ago
Axinous - Staff Product Manager, Network Security

Axinous

San Jose, California, United States (Hybrid)
5 Months ago
PwC - Manager / Senior Manager Cyber Technology and Transformation

PwC

Zürich, Zurich, Switzerland (On-Site)
7 Months ago

Get notifed when new similar jobs are uploaded

Jobs in Toronto, Ontario, Canada

Cineplex - Cook (LBE)

Cineplex

Toronto, Ontario, Canada (On-Site)
6 Months ago
Diligent Corporation - Software Engineer, Platform Reporting

Diligent Corporation

Vancouver, British Columbia, Canada (On-Site)
6 Months ago
Trek - Sales Associate

Trek

Montreal, Quebec, Canada (On-Site)
6 Months ago
Cision - Media Intelligence Analyst

Cision

Ottawa, Ontario, Canada (Remote)
6 Months ago
Fabric - Principal Design Verification Engineer, CPU

Fabric

Ontario, Canada (On-Site)
6 Months ago
Ubisoft - Développeuse.eur Golang

Ubisoft

Montreal, Quebec, Canada (Hybrid)
7 Months ago
Cineplex - Service Manager - The Rec Room Square One

Cineplex

Mississauga, Ontario, Canada (On-Site)
7 Months ago
Keywords Studios (Player Support) - PE Team Lead

Keywords Studios (Player Support)

Montreal, Quebec, Canada (Remote)
11 Months ago
Newrick Network - Email Marketing Manager

Newrick Network

Toronto, Ontario, Canada (Remote)
6 Months ago

Get notifed when new similar jobs are uploaded

Cyber Security Jobs

DNEG - Chief Information Security Officer

DNEG

Mumbai, Maharashtra, India (Hybrid)
6 Months ago
gigamon - Principal Project Manager - Professional Services - Mexico

gigamon

Mexico City, Mexico City, Mexico (On-Site)
6 Months ago
Meta - Security Engineer - Surface Coverage, Detection Engineering

Meta

Menlo Park, California, United States (On-Site)
5 Months ago
PwC - CD&E -SOC L1 Support- Associate 2 - Bangalore

PwC

Bengaluru, Karnataka, India (On-Site)
7 Months ago
Upstox - Software Development Engineer II - Application Security

Upstox

Bengaluru, Karnataka, India (On-Site)
6 Months ago
Google - Technical Program Manager, Research, Development and Infrastructure

Google

Boulder, Colorado, United States (On-Site)
5 Months ago
Balbix - Sr Cyber Risk Consultant

Balbix

San Jose, California, United States (Hybrid)
6 Months ago
Egnyte - Sr Solutions Engineer - AEC

Egnyte

(Remote)
6 Months ago
ION - Cyber Security Analyst, Italy

ION

Turin, Piedmont, Italy (On-Site)
6 Months ago
Google - Red Team Security Consultant, Mandiant, Google Cloud

Google

Alexandria, Virginia, United States (On-Site)
5 Months ago

Get notifed when new similar jobs are uploaded

About The Company

Chicago, Illinois, United States (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

New York, New York, United States (Hybrid)

Chicago, Illinois, United States (Hybrid)

Chicago, Illinois, United States (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

Mumbai, Maharashtra, India (Hybrid)

View All Jobs

Get notified when new jobs are added by Morning Star

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug