Job Description
AbbVie Information Security is looking for a highly motivated, diligent, and skillful analyst to join the Attack Surface Management (ASM) team. AbbVie’s Application Security team protects AbbVie’s patients, data, and brand by identifying vulnerabilities and threats to our organization and working to drive remediation of identified security risks. Application Security is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Senior Security Specialist, Application Security to support and improve our efforts to identify and reduce AbbVie’s attack surface and help our business continue to have remarkable impacts on people’s lives.
The Senior Security Specialist is a key member of the Application Security team and works with internal and external groups to identify and drive remediation of information security risks across all AbbVie application environments.
The ideal candidate must have prior experience conducting manual web and mobile application security penetration tests within an enterprise environment and working with application stakeholders to discuss vulnerabilities and remediation options.
This position can be anywhere in the U.S.
In this role, you’ll be responsible for:
Maintaining awareness of the latest critical information security vulnerabilities, threats, and exploits
Providing guidance on existing and emerging threats in the web and mobile application space, as they apply within the AbbVie environment
Performing application security reviews throughout the application development lifecycle, including tasks such as:Performing security assessments for AbbVie web and mobile applications across the enterprise
Dynamic (DAST) application security testing and/or penetration testing of applications and source code
Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
Retesting remediation to confirm the efficacy of fixes
Reviewing deliverables from third-party service providers and other Application Security Analysts to ensure completeness and accuracy
Communicating technical application security concepts to customers, including developers, architects, and managers
Participating in the management of AbbVie’s bug bounty program, working to validate and triage reported vulnerabilities, and working with application owners to ensure valid findings are remediated
Training customer staff on application security and remediation of application security code defects
Identifying and developing secure software development best practices
Identifying enhancements to tools, standards, and processes; providing input into policies and procedures, and contributing to the implementation and refinement of the strategy for the Application Risk program on a global basis
Candidates in this role are able to work remote within the United States
Significant Work Activities -Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
application-security mobile-applications Security penetration-testing web-applications Information security