Senior Application Security Architect

Job Description

The Team:The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

The Role:The Senior Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar’s product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar’s security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance, requirements setting, and review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling. This position is based in our Chicago office.

We follow a hybrid policy of at least 4 days onsite. Morningstar’s hybrid work environment gives you the opportunity to collaborate in-person each week as we’ve found that we’re at our best when we’re purposely together on a regular basis.

In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.

Job Responsibilities:Collaborate with development teams across the organization to secure productsContribute to secure reference architectures and patterns for all product teams to leverageDevelop, maintain, and communicate future and current product security initiativesDevelop and enhance internal security processes, programs, and proceduresConduct risk assessments, threat modeling, and product security reviews on Morningstar systemsWork directly with internal business units to communicate risk, provide security remediation advice, and deliver education as needed. Document secure coding guidelines and assist execution by internal development personnelIdentify web/mobile/api application security vulnerabilities and offer remediation adviceQualifications:A bachelor’s degree and 5+ years’ experience in a development or software security / penetration testing role, or equivalent experienceWe are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problemsExcellent communication skills and a strong understanding of software development, architecture, and application securityAn ability to improve system development security across diverse technical teams and technologiesStrong understanding of risk management and the real-world impacts of architectural decisionsExperience architecting and deploying applications securely in cloud environmentsNice to have:Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc. ) preferredPrior development experience preferredVulnerability management experience preferredCompensation and BenefitsAt Morningstar we believe people are at their best when they are at their healthiest.

That’s why we champion your wellness through a wide-range of programs that support all stages of your personal and professional life. Here are some examples of the offerings we provide:Financial Health75% 401k match up to 7%Stock Ownership PotentialCompany provided life insurance – 1x salary + commissionPhysical Health Comprehensive health benefits (medical/dental/vision) including potential premium discounts and company-provided HSA contributions (up to $500-$2,000 annually) for specific plans and coveragesAdditional medical Wellness Incentives – up to $300-$600 annualCompany-provided long- and short-term disability insuranceEmotional Health Trust-Based Time Off6-week Paid Sabbatical Program6-Week Paid Family Caregiving LeaveCompetitive 8-24 Week Paid Parental Bonding LeaveAdoption AssistanceLeadership Coaching & Formal Mentorship OpportunitiesAnnual Education StipendTuition ReimbursementSocial Health Charitable Matching Gifts programDollars for Doers volunteer programPaid volunteering days15+ Employee Resource & Affinity GroupsTotal Cash Compensation Range$114,100.

00 – 193,9700 USD AnnualInclusive of annual base salary and target incentiveMorningstar’s hybrid work environment gives you the opportunity to collaborate in-person each week as we’ve found that we’re at our best when we’re purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week.

A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues. 100\_MstarResCanad Morningstar Research, Inc.

(Canada) Legal Entity

EWJD3