Lead Cyber Security Architect AppSecSpec
Bayer (Creve Coeur, MO)
At Bayer we’re visionaries, driven to solve the world’s toughest challenges and striving for a world where ‘Health for all, Hunger for none’ is no longer a dream, but a real possibility. We’re doing it with energy, curiosity and sheer dedication, always learning from unique perspectives of those around us, expanding our thinking, growing our capabilities and redefining ‘impossible’. There are so many reasons to join us. If you’re hungry to build a varied and meaningful career in a community of brilliant and diverse minds to make a real difference, there’s only one choice.
Purpose:
This role contributes technically to defining and assessing Bayer’s application security strategy, technical architecture and practices. It translates business objectives and risk management strategies into specific security controls enabled by security technologies and services, and provides advanced technical security architectural design for complex applications and platforms.
YOUR TASKS AND RESPONSIBILITIES
The primary responsibilities of this role, Lead Cyber Security Architect (App Sec Specialist), are to:
+ Participate in tool selection, configuration optimization, and provide remediation guidance for various DevSecOps scanning tools (e.g., DAST, SAST, SCA, etc.);
+ Perform security architecture reviews and threat modelling exercises and assist DevOps teams with prioritizing remediation strategies based on risk profiles;
+ Author and deliver awareness and training material for secure coding techniques and CI/CD pipeline security strategies, including alignment with other departments;
+ Mentor others on application security tactics, patterns, and practices;
+ Collaborate with team members representing application development efforts to assess practice maturity and provide any needed guidance for improvement;
+ Perform code reviews focused on identifying security concerns in applications that utilize modern development stacks (e.g., Node.js, Python, Java, SQL, etc.);
+ Contribute to automation efforts utilizing scripting technologies and source code repository management;
+ Contribute to and utilise our robust Security Controls Framework to ensure the specification of Security Solutions across Bayer is done in a controlled and rational way over applicable technical domains, such as network, cloud, application, platform and AI security;
+ Design and develop tailored cybersecurity designs that address specific threats, oversee the selection and deployment of security technologies, ensuring proper integration into existing IT infrastructure. Anticipate and maintain compliance with applicable legal, regulatory, and best practice frameworks, including the CIISec
+ Strategic alignment of IT security requirements with business goals using industry standard architecture frameworks, such as TOGAF and SABSA; integrating security into each phase of the SDLC, while leading the design and review of complex security architectures to meet business needs;
+ Realise ‘Security by Default’ by creating and maintaining the relevant Security Standards and Security Architecture Patterns to ensure doing business securely is the easiest way to do business;
+ Providing advanced technical guidance and expertise to engineering and development teams on secure system design, configuration, and implementation.
+ Staying abreast of emerging cyber security threats, vulnerabilities, and technologies, and furnishing recommendations for proactive security measures and defensive strategies.
+ Work across Bayer to foster a unified cyber security approach, leading cybersecurity initiatives or teams with a focus on risk management and security architecture.
WHO YOU ARE
Bayer seeks an incumbent who possesses the following:
Required Qualifications:
+ A Bachelor’s or Master’s degree in information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered an equivalent.
+ Experience applying application security patterns, frameworks, and best practices (e.g., OWASP ASVS/SAMM, NIST 800-218).
+ Demonstrated extensive experience in cybersecurity architecture, risk management, and the design of secure DevOps systems is crucial. Technical Proficiency: In-depth knowledge of cybersecurity principles, IT infrastructure, and data storage is required.
+ Proven expertise in conducting risk assessments and developing strategic mitigation plans to address identified vulnerabilities.
+ Exceptional verbal and written communication abilities to clearly articulate cybersecurity policies, strategies, and risks to stakeholders at all levels.
+ Creative and critical thinking is necessary to address complex cyber security challenges effectively.
+ Familiarity with relevant cybersecurity frameworks and standards, including the CIISec Skills Framework and guidelines provided by the NCSC, is essential
+ Builds partnerships internally and externally and leverages expertise and talents across functions and divisions.
Preferred Qualifications:
+ 6+ years of experience in application security, DevSecOps, or product security. Previous experience in a software engineering role is highly desired.
+ Holding professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or certifications recognized by the NCSC is highly regarded.
Employees can expect to be paid a salary of between $140,200.00 and $210,300.00. Additional compensation may include a bonus or commission (if relevant). Additional benefits include health care, vision, dental, retirement, PTO, sick leave, etc. This salary range is merely an estimate and may vary based on an applicant’s location, market data/ranges, an applicant’s skills and prior relevant experience, certain degrees and certifications, and other relevant factors.
YOUR APPLICATION
If your background and personal experience fit this profile, please send us your complete application at www.career.bayer.cn. If you have any recommendations, please kindly send mail to [email protected]
Location:
United States : Missouri : Residence Based || United States : Missouri : Creve Coeur
Division:
Enabling Functions
Reference Code:
844944
**Job Segment:** Cyber Security, Developer, Compliance, Cloud, Computer Science, Security, Technology, Legal