Job Description

About the role:

The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity, and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, infrastructure and cloud security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.

The Product Security Architect will be part of the central information security team and act as a subject matter expert to all of Morningstar\'s product teams by provide security guidance and creating product security standards and patterns. This individual will contribute to maintaining Morningstar\'s security posture by performing threat modeling, security architecture reviews, and security assessments of Morningstar products. The Product Security Architect will also partner with the Director of Product Security to guide the direction of the product security program as well as on improving security processes and tooling.

Job responsibilities:

• Collaborate with development teams and security champions across the organization to architect secure products
• Contribute to secure reference architectures and patterns for all product teams to leverage
• Develop, maintain, and communicate future and current security architecture strategies and models
• Develop and enhance internal security processes, programs, and procedures
• Conduct risk assessments, threat modeling and information security reviews on Morningstar systems, applications, and platforms
• Work directly with internal business units to communicate risk, provide security remediation advice, and deliver training as needed.
• Document secure coding guidelines and run training programs to assist internal development personnel
• Identify web application, mobile application, and API security vulnerabilities and offer remediation advice

Qualifications:

• A bachelor\'s degree and 2+ years\' experience in a development or software security / penetration testing role, or equivalent experience
• We are looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
• Excellent communication skills and a strong understanding of software development, architecture, and application security
• A strong understanding of security best practices in Java, JavaScript (and supporting frameworks), .NET, and Python programming languages
• Experience architecting and deploying applications securely in cloud environments

Nice to have:

• Strong understanding of common authentication models and protocols (SAML, OAuth, OpenID, etc.) preferred
• Prior development experience preferred
• Splunk experience preferred

100_MstarResCanad Morningstar Research, Inc. (Canada) Legal Entity

Morningstar\xe2\x80\x99s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We\xe2\x80\x99ve found that we\xe2\x80\x99re at our best when we\xe2\x80\x99re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you\xe2\x80\x99ll have tools and resources to engage meaningfully with your global colleagues.

Morningstar