Senior Application Security Engineer

Company Description

About AbbVie

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas including immunology, oncology and neuroscience - and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us atwww.abbvie.com. Follow @abbvie onLinkedIn,Facebook,Instagram,XandYouTube.

Job Description

Become a key player in our Information Security team as a Senior Application Security Engineer, where you will leverage your expertise in application security, security engineering, and software development to support and enhance our inline code testing and reporting processes. This role involves the implementation and administration of application security tooling, integration into CI/CD pipelines, and providing support for development teams using these products and consuming their findings.

This position can be remote anywhere in the U.S.

Responsibilities

• Implementing and maintaining Application Security Testing (AST) tools (SAST, DAST, IAST, SCA, etc.) to identify code and dependency vulnerabilities during the software development lifecycle.
• Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize and deduplicate findings from multiple solutions and integrate into software development processes.
• Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.
• Integrating security tooling with Continuous Integration/Continuous Deployment (CICD) pipelines.
• Developing detailed reports on security findings and remediation efforts.
• Demonstrate high proficiency across a wide range of technologies and platforms related to application security, software design and development, containerization, and cloud environments.
• Communicate security risks and evangelize secure development practices to development teams and their management.
• Lean/understand vulnerabilities, triage security risks at scale in disparate application development environments and business units.
  
  

  Interested in remote work opportunities in Cyber Security? Discover Cyber Security Remote Jobs featuring exclusive positions from top companies that offer flexible work arrangements.

  
  

Qualifications

• Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience
• 5+ years of experience in application security and software development
• 3+ years of experience implementing, administering, and supporting application security tooling such as SAST/DAST/IAST/SCA
• Extensive knowledge of secure coding practices across multiple programming languages (esp. Java, Node.js)
• Extensive experience integrating security testing into CICD pipelines
• Strong knowledge of application security principles along with common vulnerabilities (e.g., OWASP Top 10, CWE, etc.) and associated mitigations
• Experience implementing and scaling DevSecOps practices and tooling within large organizations
• Experience implementing DevSecOps workflows in cloud environments such as AWS and Azure
• Experience developing Infrastructure As Code (IAC) via solutions such as Terraform and/or CloudFormation
• Experience supporting developers with assessing and mitigating application security test findings
• Ability to effectively communicate technical findings to both technical and non-technical stakeholders
• Demonstrated ability to function as a principal engineer, generating original technical ideas and strategies. Demonstrated creative 'out of the box' thinking to solve difficult technical problems and champion new technologies to achieve program goals.

Browse our curated collection of remote jobs across all categories and industries, featuring positions from top companies worldwide.

• Excellent written and oral English communication skills, as demonstrated by presenting at leading scientific or technical conferences.
• Experience coaching and supporting the development of junior engineers
  
  
  

Additional Information

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state orlocal law:

• The compensation range described below is the range of possible base pay compensation that the Companybelieves ingood faith it will pay for this role at the timeof this posting based on the job grade for this position.Individualcompensation paid within this range will depend on many factors including geographic location, andwemayultimatelypaymore or less than the posted range. This range may bemodifiedin thefuture.
• We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick),medical/dental/visioninsurance and 401(k) to eligibleemployees.
• This job is eligible toparticipatein our long-term incentiveprograms.
  
  
  

Note: No amount of payis considered to bewages or compensation until such amount is earned, vested, anddeterminable.The amount and availability of any bonus,commission, incentive, benefits, or any other form ofcompensation and benefitsthat are allocable to a particular employeeremainsin the Company's sole andabsolutediscretion unless and until paid andmay bemodifiedat the Companys sole and absolute discretion, consistent withapplicable law.

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.

US & Puerto Rico only - to learn more, visithttps://www.abbvie.com/join-us/equal-employment-opportunity-employer.html

US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:

https://www.abbvie.com/join-us/reasonable-accommodations.html