The Lead Security Analyst supports application security automation by integrating analysis tools, helping with vulnerability remediation, and training technical staff.
The Area: The Information Security department is responsible for setting enterprise security policies and standards that are designed to protect the confidentiality, integrity and availability of Morningstar information. The security team offers guidance and technical expertise in areas like application security, policies and procedures, disaster recovery and compliance/regulation. We analyze emerging security threats and conduct risk and vulnerability assessments to ensure that our information remains secure.
The Role: The Lead Security Analyst will assist in supporting Morningstar's application security automation program. This individual will help integrate static and dynamic security analysis tools into Morningstar's continuous integration processes, assist with security remediation activities, ensure that vulnerabilities are being remediated in a timely manner and support development and technical personnel as required. This position is based in our Mumbai location.
Responsibilities
+ Create, manage and maintain Jenkins continuous integration jobs to support application security automation
+ Administer common static and dynamic security assessment tools
+ Verify automated application security findings that result from automated static and dynamic assessments
+ Work directly with internal business units to communicate risks and to help ensure open vulnerabilities are resolved in a timely manner
+ Collect and analyze application security metrics
+ Provide security remediation advice and training to technical personnel
+ Assist with documenting secure coding guidelines and running training programs to assist internal development personnel
+ Provide software security support and remediation guidance to development personnel
Requirements
+ A bachelor's degree and 7+ years' experience in a development or software security / penetration testing role
+ We're looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
+ Excellent communication skills and a strong understanding of software development and application security fundamentals
+ Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing code / architecture reviews and penetration test activities
+ Experience with common static and dynamic analysis tools (Semgrep, Brightsec, WAF etc.)
+ A strong understanding of security best practices in Java, JavaScript, .NET, PHP and Ruby programming languages
+ Strong understanding of common authentication models (SAML, OAuth, OpenID, etc.) is preferred
+ A software development and application security background is preferred
Morningstar is an equal opportunity employer.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
I10_MstarIndiaPvtLtd Morningstar India Private Ltd. (Delhi) Legal Entity
The Role: The Lead Security Analyst will assist in supporting Morningstar's application security automation program. This individual will help integrate static and dynamic security analysis tools into Morningstar's continuous integration processes, assist with security remediation activities, ensure that vulnerabilities are being remediated in a timely manner and support development and technical personnel as required. This position is based in our Mumbai location.
Responsibilities
+ Create, manage and maintain Jenkins continuous integration jobs to support application security automation
+ Administer common static and dynamic security assessment tools
+ Verify automated application security findings that result from automated static and dynamic assessments
+ Work directly with internal business units to communicate risks and to help ensure open vulnerabilities are resolved in a timely manner
+ Collect and analyze application security metrics
+ Provide security remediation advice and training to technical personnel
+ Assist with documenting secure coding guidelines and running training programs to assist internal development personnel
+ Provide software security support and remediation guidance to development personnel
Requirements
+ A bachelor's degree and 7+ years' experience in a development or software security / penetration testing role
+ We're looking for someone who enjoys breaking code, solving puzzles, and diagnosing problems
+ Excellent communication skills and a strong understanding of software development and application security fundamentals
+ Candidates should be interested in keeping up with the latest security trends, as well as enjoy performing code / architecture reviews and penetration test activities
+ Experience with common static and dynamic analysis tools (Semgrep, Brightsec, WAF etc.)
+ A strong understanding of security best practices in Java, JavaScript, .NET, PHP and Ruby programming languages
+ Strong understanding of common authentication models (SAML, OAuth, OpenID, etc.) is preferred
+ A software development and application security background is preferred
Morningstar is an equal opportunity employer.
Morningstar's hybrid work environment gives you the opportunity to collaborate in-person each week as we've found that we're at our best when we're purposely together on a regular basis. In most of our locations, our hybrid work model is four days in-office each week. A range of other benefits are also available to enhance flexibility as needs change. No matter where you are, you'll have tools and resources to engage meaningfully with your global colleagues.
I10_MstarIndiaPvtLtd Morningstar India Private Ltd. (Delhi) Legal Entity
Top Skills
.Net
Brightsec
Java
JavaScript
Jenkins
PHP
Ruby
Semgrep
Waf
Morningstar Navi Mumbai, Maharashtra, IND Office
14th Floor, Platinum Techno Park, Pranavanandji Marg, Sector 30, Vashi, Navi Mumbai, Maharashtra, India, 400703
Similar Jobs at Morningstar
Enterprise Web • Fintech • Financial Services
The Engineering Manager leads the Marketing Platform team, overseeing engineers and ensuring the development of robust automation solutions that meet business objectives, while fostering a culture of collaboration and innovation.
Top Skills:
AirflowAWSDockerGCPHelmJavaKafkaKubernetesMarketoOpenapiPostgresPythonRedisRestSQLWorkato
Enterprise Web • Fintech • Financial Services
The Senior Infrastructure Engineer designs, deploys, and manages enterprise file server solutions, ensuring compliance in a financial services environment.
Top Skills:
Active DirectoryAmazon Fsx For Netapp OntapGpoNtfsPowershell
Enterprise Web • Fintech • Financial Services
Responsible for architecting, deploying, and managing secure VDI infrastructure in Azure, ensuring optimal user experience and operational efficiency. Involves troubleshooting, performance optimization, and compliance adherence.
Top Skills:
Azure Virtual DesktopAzure Vmware SolutionPowershellVmware Horizon
What you need to know about the Mumbai Tech Scene
From haggling for the best price at Chor Bazaar to the bustle of Crawford Market, the energy of Mumbai's traditional markets is a key part of the city's charm. And while these markets will always have their place, the city also boasts a thriving e-commerce scene, ranking among the largest in the region. Driven by online sales in everything from snacks to licensed sports merchandise to children's apparel, the local industry is worth billions, with companies actively recruiting to meet the demands of continued growth.
