Senior Application Security Analyst
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Senior Application Security Analyst will evaluate Morningstar infrastructure and internally developed applications to determine potential short- and long-term security vulnerabilities. This individual will assist in maintaining Morningstar’s security posture by performing application threat modeling, penetration testing and security architecture reviews. This role will also be responsible for leading security training sessions at both a technical and end-user level. This position is based in our Chicago office.
Responsibilities:
+ Identify web application security vulnerabilities (e.g., OWASP Top 10) and offer resolution advice
+ Develop, maintain and communicate future and current state security architecture strategies and models
+ Conduct risk assessments, threat modeling and information security reviews on Morningstar systems, applications and platforms
+ Work directly with internal business units to communicate risk and help resolve open vulnerabilities
+ Understand and help execute information security program goals
+ Assist in maintaining and updating information security policies and standards
+ Provide security remediation advice and training to technical personnel
+ Develop and enhance internal security processes, programs and procedures
+ Document secure coding guidelines and run training programs to assist internal development personnel
+ Collect application vulnerability metrics and introduce automated security checks into application build process
+ Manage WAF rule-set to address application security vulnerabilities where necessary
Requirements:
+ A bachelor’s degree and 5+ years’ experience in a development or software security / penetration testing role
+ We’re looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
+ Excellent communication skills and a strong understanding of software development and application security fundamentals
+ Experience with common static and dynamic analysis tools
+ A strong understanding of security best practices in Java, JavaScript (and supporting framework), .NET, PHP and Ruby programming languages
+ Strong understanding of common authentication models (SAML, OAuth, OpenID, etc.) is preferred
+ CISSP and TOGAF certification preferred
Morningstar is an equal opportunity employer.