Senior Application Security Architect

Posted 7 Days Ago
Be an Early Applicant
Toronto, ON
Hybrid
Senior level
Enterprise Web • Fintech • Financial Services
The Role
The Senior Application Security Architect will provide security guidance to product teams, create application security standards, perform threat modeling, and conduct security architecture reviews to maintain the company's security posture. The role includes collaboration with development teams and managing security processes.
Summary Generated by Built In

The Team:
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role:
The Senior Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar's product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar's security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance, requirements setting, and review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling. The position will be based in our Chicago or Toronto office.
We follow a hybrid policy of 3 days onsite and 2 days remote work.
Job Responsibilities:

  • Collaborate with development teams across the organization to secure products
  • Contribute to secure reference architectures and patterns for all product teams to leverage
  • Develop, maintain, and communicate future and current product security initiatives
  • Develop and enhance internal security processes, programs, and procedures
  • Conduct risk assessments, threat modeling, and product security reviews on Morningstar systems
  • Work directly with internal business units to communicate risk, provide security remediation advice, and deliver education as needed.
  • Document secure coding guidelines and assist execution by internal development personnel
  • Identify web/mobile/api application security vulnerabilities and offer remediation advice


Qualifications:

  • A bachelor's degree and 5+ years' experience in a development or software security / penetration testing role, or equivalent experience
  • We are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
  • Excellent communication skills and a strong understanding of software development, architecture, and application security
  • An ability to improve system development security across diverse technical teams and technologies
  • Strong understanding of risk management and the real-world impacts of architectural decisions
  • Experience architecting and deploying applications securely in cloud environments


Nice to have:

  • Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
  • Prior development experience preferred
  • Vulnerability management experience preferred


Morningstar's hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We've found that we're at our best when we're purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.

Top Skills

Application Security
Cloud Security

What the Team is Saying

Raaghavendar
Saurabh
Anna
Wendell
Jeff
Upasna
The Company
HQ: Chicago, IL
12,700 Employees
Hybrid Workplace
Year Founded: 1984

What We Do

At Morningstar, we believe in building great products in-house in a highly collaborative, agile environment where we focus on technical excellence, the user experience, and continuous improvement. Our technologists represent a range of skills and experience levels, but they all view their work as a craft and push technology’s boundaries.

Why Work With Us

Imagining big things is in our blood -- it's transformed us from a company with just a few employees in 1984 to a leading independent investment research company with a worldwide presence today. As of April 2020, we acquired Sustainalytics to drive long-term meaningful outcomes for investors in the ESG space. Join us on this exciting journey!

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

Morningstar Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 3 days a week
HQGlobal Headquarters
Santiago Province
LU
NSW
TH
Amsterdam, NL
Cape Town, ZA
Dubai, Dubai
Frankfurt am Main, DE
Frederiksberg, DK
London, GB
Madrid, ES
Mexico City, Mexico City
Milano, IT
Navi Mumbai, Maharashtra
New York, NY
Oakland, MD
Oslo, NO
Paris, FR
São Paulo, São Paulo
PitchBook US Headquarters
Stockholm, SE
Tokyo, JP
Toronto, ON
Toronto, Ontario
Zürich, CH
Learn more

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account