Security Analyst
Description:
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Security Analyst will evaluate Morningstar infrastructure and internally developed applications to determine potential short- and long-term security vulnerabilities. This individual will assist in maintaining Morningstar’s security posture by performing vulnerability assessment, penetration testing and mobile application security assessment. This role will also be responsible for leading security training sessions at both a technical and end-user level. This position is based in our Mumbai office.
Responsibilities
+ Identify web application security vulnerabilities (e.g., OWASP Top 10) and offer resolution advice
+ Integrate security touch points into existing SDLC processes
+ Conduct risk assessments, threat modeling and information security reviews on Morningstar systems, applications and platforms+
+ Work directly with internal business units to communicate risk and help resolve open vulnerabilities
+ Understand and help execute information security program goals
+ Assist in maintaining and updating information security policies and standards
+ Provide security remediation advice and training to technical personnel and security champions
+ Document secure coding guidelines and run training programs to assist internal development personnel
+ Collect application vulnerability metrics and introduce automated security checks into application build process.
Requirements
+ A bachelor’s degree and 3 years’ experience in a development or software security / penetration testing role
+ We’re looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems.
+ Excellent communication skills and a strong understanding of software development and application security fundamentals
+ Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing code / architecture reviews and penetration test activities.
+ Experience with common static and dynamic analysis tools (Checkmarx. Burp Suite)
+ A strong understanding of security best practices in Java, JavaScript, .NET, PHP and Ruby programming languages.
Morningstar is an equal opportunity employer.
I10_MstarIndiaPvtLtd Morningstar India Private Ltd. (Delhi) Legal Entity
Morningstar’s hybrid work environment gives you the opportunity to work remotely and collaborate in-person each week. We’ve found that we’re at our best when we’re purposely together on a regular basis, at least three days each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you’ll have tools and resources to engage meaningfully with your global colleagues.
REQ-044592