The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure. The Role: The Lead Security Analyst will assist in supporting Morningstarâs application security automation program. This individual will help integrate static and dynamic security analysis tools into Morningstarâs continuous integration processes, assist with security remediation activities, ensure that vulnerabilities are being remediated in a timely manner and support development and technical personnel as required. This position is based in our Mumbai location. Responsibilities + Create, manage and maintain Jenkins continuous integration jobs to support application security automation + Administer common static and dynamic security assessment tools + Verify automated application security findings that result from automated static and dynamic assessments + Work directly with internal business units to communicate risks and to help ensure open vulnerabilities are resolved in a timely manner + Collect and analyze application security metrics + Provide security remediation advice and training to technical personnel + Assist with documenting secure coding guidelines and running training programs to assist internal development personnel + Provide software security support and remediation guidance to development personnel Requirements + A bachelorâs degree and 7+ yearsâ experience in a development or software security / penetration testing role + Weâre looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems + Excellent communication skills and a strong understanding of software development and application security fundamentals + Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing code / architecture reviews and penetration test activities + Experience with common static and dynamic analysis tools (Semgrep, Brightsec, WAF etc.) + A strong understanding of security best practices in Java, JavaScript, .NET, PHP and Ruby programming languages + Strong understanding of common authentication models (SAML, OAuth, OpenID, etc.) is preferred + A software development and application security background is preferred Morningstar is an equal opportunity employer. Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues. I10_MstarIndiaPvtLtd Morningstar India Private Ltd. (Delhi) Legal Entity How to Apply for a Job at Morningstar Step 1 When you find a position you're interested in, click the 'Apply' button. Please fill out this form completely, attaching your resume and cover letter in the approved format. Read the job requirements carefully and make sure to attach writing or design samples as required. Applicants must submit their resume and other information through our corporate website to be considered for a job at Morningstar. No phone calls, please. Step 2 You will receive an email notification to confirm that we've received your application. Step 3 If you are called in for an interview, a representative from Morningstar will contact you to set up a date, time, and location. Be prepared for a rigorous interview process. To make sure you're a good fit for Morningstar and we're a good fit for you, we'll schedule time for you to meet with multiple staff members at all levels of the company. Expect to return for multiple interviews as part of the process. A representative from Morningstar will contact you with the results of your interviewâeither with a job offer or to let you know our plans for the position. Applicants With Disabilities Who Need Accommodation Morningstar is committed to working with and providing reasonable accommodation to individuals with disabilities. If, because of a medical condition or disability, you need a reasonable accommodation for any part of the employment process, please call +1 312 384-3900 or email AskHR@morningstar.com and let us know the nature of your request and your contact information. Please note: We only accept calls from applicants who need accommodation related to a disability. Please, no calls with unrelated questions or requests. Please be sure to include the title and location of the open position youâre interested in when you leave a message. US Applicants: Morningstar is an E-Verify program participant. Learn more: This Organization Participates in E-Verify (English) This Organization Participates in E-Verify (Spanish) Right to Work (English) Right to Work (Spanish) EEO is the Law Pay Transparency Notice Morningstar is strongly committed to creating and preserving equal opportunity for all employees and applicants. We make all employment decisionsâincluding recruitment, hiring, compensation, training, promotion, transfer, discipline, termination, and other personnel mattersâwithout regard to race, color, ancestry, religion, sex, national origin, age, disability, protected veteran status, marital status, sexual orientation, genetic information, citizenship, gender identity and expression, parental status, or other legally protected characteristics or conduct.
