Similar Jobs at Morningstar
Artificial Intelligence • Big Data • Enterprise Web • Fintech • Software • Financial Services
Develop and maintain web applications, collaborate on features, write efficient code, troubleshoot issues, and deploy in AWS.
Top Skills:
AWSCSSHTMLJavaScriptNode.jsNuxt.JsTypescriptVue
Artificial Intelligence • Big Data • Enterprise Web • Fintech • Software • Financial Services
The Manager of Information Security leads compliance efforts, manages audits, enforces policies, and oversees third-party risk management to ensure information security compliance.
Top Skills:
CobitGdprIsoNistPci-DssSoc2Sox
Artificial Intelligence • Big Data • Enterprise Web • Fintech • Software • Financial Services
The role involves full stack development, collaborating in cross-functional teams, and managing cloud infrastructure, focusing on user experience and code quality.
Top Skills:
AngularAWSCi/CdDockerElasticsearchEs6+GitJavaScriptMssqlMySQLNode.jsPostgresPythonSQLVue
The Team:
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role:
The Lead Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar's product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar's security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance, requirements setting, and review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling. This position is based in our Chicago office. We follow a hybrid policy of at least 4 days onsite.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
Job Responsibilities:
Qualifications:
Nice to have:
Base Salary Compensation Range
$101,422.00-148,755.33
Incentive Target Percentage
12.5% Annual
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity
The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role:
The Lead Application Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar's product teams by provide security guidance and creating application security standards and patterns. The successful candidate will contribute to maintaining Morningstar's security posture by performing threat modeling, security architecture reviews of Morningstar products and ensure that major projects receive appropriate architectural security guidance, requirements setting, and review. The Application Security Architect will also partner with the Director of Product Security to define the direction of the application security program as well as on improving security processes and tooling. This position is based in our Chicago office. We follow a hybrid policy of at least 4 days onsite.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
Job Responsibilities:
- Collaborate with development teams across the organization to secure products
- Contribute to secure reference architectures and patterns for all product teams to leverage
- Develop, maintain, and communicate future and current product security initiatives
- Develop and enhance internal security processes, programs, and procedures
- Conduct risk assessments, threat modeling, and product security reviews on Morningstar systems
- Work directly with internal business units to communicate risk, provide security remediation advice, and deliver education as needed.
- Document secure coding guidelines and assist execution by internal development personnel
- Identify web/mobile/api application security vulnerabilities and offer remediation advice
Qualifications:
- A bachelor's degree and 5+ years' experience in a development or software security / penetration testing role, or equivalent experience
- We are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
- Excellent communication skills and a strong understanding of software development, architecture, and application security
- An ability to improve system development security across diverse technical teams and technologies
- Strong understanding of risk management and the real-world impacts of architectural decisions
- Experience architecting and deploying applications securely in cloud environments
Nice to have:
- Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
- Prior development experience preferred
- Vulnerability management experience preferred
Base Salary Compensation Range
$101,422.00-148,755.33
Incentive Target Percentage
12.5% Annual
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity
Morningstar Chicago, Illinois, USA Office
Morningstar Global Headquarters Office
22 West Washington Street, Chicago, IL, United States, 60602
What you need to know about the Chicago Tech Scene
With vibrant neighborhoods, great food and more affordable housing than either coast, Chicago might be the most liveable major tech hub. It is the birthplace of modern commodities and futures trading, a national hub for logistics and commerce, and home to the American Medical Association and the American Bar Association. This diverse blend of industry influences has helped Chicago emerge as a major player in verticals like fintech, biotechnology, legal tech, e-commerce and logistics technology. It’s also a major hiring center for tech companies on both coasts.
Key Facts About Chicago Tech
- Number of Tech Workers: 245,800; 5.2% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: McDonald’s, John Deere, Boeing, Morningstar
- Key Industries: Artificial intelligence, biotechnology, fintech, software, logistics technology
- Funding Landscape: $2.5 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Pritzker Group Venture Capital, Arch Venture Partners, MATH Venture Partners, Jump Capital, Hyde Park Venture Partners
- Research Centers and Universities: Northwestern University, University of Chicago, University of Illinois Urbana-Champaign, Illinois Institute of Technology, Argonne National Laboratory, Fermi National Accelerator Laboratory
