Morningstar, Inc.
Senior Application Security Architect
Morningstar, Inc., Chicago, Illinois, United States, 60290
The Team:
The Information Security department is responsible for setting enterprise security policies and standards to protect the confidentiality, integrity, and availability of Morningstar information. The security team provides guidance and technical expertise in application security, infrastructure and cloud security, policies and procedures, disaster recovery, and compliance/regulation. They analyze emerging security threats and conduct risk and vulnerability assessments to ensure information security.
The Role:
The Senior Application Security Architect is part of the central information security team, serving as a subject matter expert to Morningstar's product teams by providing security guidance and establishing application security standards and patterns. The candidate will maintain Morningstar's security posture through threat modeling, security architecture reviews, and security guidance for major projects. They will collaborate with the Director of Product Security to shape the application security program and improve security processes and tooling. The position is based in Chicago or Toronto, following a hybrid work policy of 3 days onsite and 2 days remote.
Job Responsibilities:
Collaborate with development teams to secure products.
Contribute to secure reference architectures and patterns for product teams.
Develop and communicate security initiatives.
Enhance internal security processes, programs, and procedures.
Conduct risk assessments, threat modeling, and security reviews.
Work with business units to communicate risk and provide remediation advice.
Document secure coding guidelines and support their implementation.
Identify security vulnerabilities in web, mobile, and API applications and advise on remediation.
Qualifications:
Bachelor's degree and 5+ years' experience in development, security, or penetration testing, or equivalent.
Enjoys solving puzzles, diagnosing problems, and breaking code.
Excellent communication skills and understanding of software development, architecture, and application security.
Ability to improve security across diverse technical teams and technologies.
Strong understanding of risk management and architectural impacts.
Experience deploying applications securely in cloud environments.
Nice to have:
Knowledge of authentication protocols (SAML, OAuth, OpenID, etc.).
Development experience.
Vulnerability management experience.