Skip Navigation

search jobs

Application Security Lead

St. Louis, Missouri, US Apply Later Job ID 01E3F
Monsanto’s mission is centered on finding agricultural solutions for a sustainable future.   Twenty years from now, the earth’s population will need 55% more food than it can produce now. Today, Monsanto is working with farmers around the world to do something about it.  As such, we approach agriculture holistically, looking across a broad range of solutions from customer enablement, supply chain optimization, to biotechnology research.  To make this possible, we build great, innovative software that accelerates our product pipeline and tools better enable farmers. 
Within IT, we are transforming the way we develop software.  As we shift to more agile processes and cloud based development, we must shift and adapt our approach to application security.  As the Application Security Lead in the Information Security Office, the successful candidate will be responsible for ensuring software is designed and developed securely while supporting the agility to rapidly develop products for our business and customers.  Through collaboration across IT, this role will create and foster a culture of secure application development.
Responsibilities
  • Establish a strong partnership with application development teams to understand business needs and develop appropriate application security controls.  This will involve working closely with scrum teams to understand current Application Security Practices and Maturity
  • Lead the effort to develop reusable application security patterns, frameworks, and best practices leveraging industry best practices (OWASP, BSIMM, ASVs)
  • Establish a culture of secure application development by assisting Scrum Teams in adopting secure coding best practices and frameworks and practices to ensure compliance
  • Establish validation and metrics that demonstrate application security maturity/compliance across organization
Must Have
  • Technical depth and expertise in application security technologies with a deep knowledge on application security threats
  • Experience with software security threat vectors, threat modeling, attack surface analysis, penetration testing, and vulnerability assessments
  • Passion for collaboration and partnership with application development teams working with agile development methodologies
  • Modern web development (e.g., HTML5, JavaScript, AngularJS, Backbone)
  • Experience with large-scale, custom distributed software systems in Java, Scala and/or C#
  • Background in system design with SOA/REST/Micro Services
  • Strong knowledge of relational database design and access (e.g., Oracle, MySQL, PostgreSQL)
  • Ability to think strategically and give practical advice by balancing business needs with risks
  • Strong written and verbal communication skills, as well as the ability to collaborate within a matrix organization
  • Ability to translate complex technical topics for non-technical personnel & senior leadership
Nice to have
  • Experience developing and deploying Secure Cloud Applications
  • Experience developing and deploying Secure Mobile Applications
  • Experience with NoSQL stores (e.g., MongoDB, Couchbase, Neo4J)
  • Experience with search/analytics tools (e.g. ElasticSearch, Solr)
Qualifications
  • BS in Computer Science or STEM related field, required
  • 8+ years of experience in Application Development, required
  • 3+ years of experience in Application Security, required
  • Certification (one or more): CISSP, CEH, CSSLP, desired
Apply Later