Senior Application Security Architect at Morningstar
The Senior Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar's product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar's security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance/review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling.
Job Responsibilities• Collaborate with development teams and security champions across the organization to architect secure products• Contribute to secure reference architectures and patterns for all product teams to leverage• Develop, maintain, and communicate future and current security architecture strategies and models• Develop and enhance internal security processes, programs, and procedures• Conduct risk assessments, threat modeling and information security reviews on Morningstar systems, applications, and platforms• Work directly with internal business units to communicate risk, provide security remediation advice, and deliver training as needed.• Document secure coding guidelines and run training programs to assist internal development personnel• Identify web application security vulnerabilities and offer remediation advice
Nice to have• Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred• Prior development experience preferred• Splunk experience preferred
001_MstarInc Morningstar Inc. Legal Entity