About AbbVie

AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.

Senior Principal Specialist, Threat Detection and Security Monitoring

Location: Lake County, Illinois
Req ID: 2207884
Category: Information Technology
Division: AbbVie


AbbVie Information Security is looking for a highly motivated, talented individual to join the Cyber Security Operations (CSO) team. The Senior Principal Specialist, Threat Detection and Security Monitoring will be responsible for building and managing how opportunistic and advanced threats are detected and escalated to the incident response team for initial triage and response. You will work alongside the Cyber Security Engineering (CSE) team, the Cyber Threat Intelligence (CTI) team, and the Cyber Security Incident Response Team (CSIRT) to understand existing tools, capabilities, and modern threats in order to build accurate, targeted detection content (rules, alerts, signatures). You will assist in examining new data sources to assess their security value and determine how best to leverage them within the detection framework you will build. Threat detection improvements by the Specialist will be based on observed and reported attack techniques, case studies, and analysis of log data.

This is a highly technical role that will influence and drive the direction of this new capability. Ideal candidates:

  • Have a passion for data analysis
  • Are innovative in their understanding of attack methodologies, malware analysis, malicious toolkits, and how those may manifest within various security technologies
  • Are well versed in the cyber threat landscape; have an advanced understanding and knowledge of what tactics and techniques are being used by adversaries; have an advanced understanding and knowledge of what security controls and/or telemetry data are available to detect these tactics and techniques; and are familiar with cyber security incident response terminology, processes, and techniques.

Responsibilities:

  • Lead, develop, and drive the strategic direction of AbbVie’s Threat Detection and Security Monitoring service
  • Develop and maintain a threat detection framework that is aligned and mapped to industry frameworks (such as MITRE ATT&CK) and that measures, over time, AbbVie’s ability and coverage to detect threats using the latest tactics and techniques.
  • Collaborate with operational teams to build and maintain basic security alerting from the various security technologies, including establishing decision-making criteria on what is important to investigate manually and what can be investigated automatically.
  • Analyze, develop, and maintain log ingestion requirements to support detection and response capabilities
  • Identify, test, and develop targeted attack detection capabilities, including correlating data across disparate sources to leverage machine data and metadata to compensate for security technologies’ shortcomings.
  • Work with data scientists to leverage ML and advanced mathematical algorithms to detect cyber security anomalies and outliers in large data sets
  • Review new security product capabilities, available telemetry data, and collaborate with operational teams on developing and/or updating detection use cases.
  • Coordinate and provide expert technical leadership to engineering and response teams
  • Support the incident response process by providing advanced analysis services when requested

Qualifications:

  • Expert level knowledge and understanding of the attack chain; adversary tactics, techniques, and procedures; and emerging threats and vulnerabilities
  • Expert level understanding of what telemetry and visibility exist across various security and network products (e.g. firewalls, network IPS, AV, EDR, host logs, netflow, secure email gateways, etc.)
  • Expert level knowledge of host and network-based security products and how those products affect exploitation and reduce vulnerability
  • Expert level ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.
  • Expert level knowledge of SIEMs, how they work, and how their value can be maximized and leveraged to mature monitoring and detection processes
  • Expert level ability to bring multiple datasets together and apply analytical concepts in order to achieve data correlation for solving more complex problems
  • Demonstrated skills in identifying hidden patterns and relationships within data sets
  • Demonstrated skills in developing data models
  • Demonstrated skill in transformation analytics (aggregation, enrichment, processing) and data pre-processing (e.g. imputation, dimensionality reduction, normalization, transformation, extraction, filtering, smoothing).
  • Demonstrated ability to work well with customers and meet customers’ needs
  • Demonstrated ability to function in a collaborative environment, seeking continuous consultation with other analysts, experts, and teams to improve analytical and technical expertise.
  • Demonstrated skill in identifying cyber threats that may impact the organization and/or third parties, and being able to think like a threat actor
  • Demonstrated skills to create and maintain up-to-date planning documents, as well as tracking and measuring services/production.
  • Strong interpersonal skills required to establish and maintain positive relationships, as well as strong communication skills in the form of clear and concise reporting and delivering presentations to technical and non-technical customers.
  • Minimum 9 years of experience in an information security discipline (preferably inclusive of threat intelligence, incident response, and/or SOC)

Desired Qualifications:

  • SOC analyst and incident response experience or proven experience working alongside these teams
  • Supervisor/managerial experience, employee development, business, and process experience
  • Certifications consisting of any of the following: GIAC Forensic Examiner (GCFE), GIAC Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Network Forensic Analyst (GNFA), GIAC Advanced Smartphone Forensics (GASF)

Significant Work Activities: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Travel: Yes, 5 % of the Time
Job Type: Experienced
Schedule: Full-time


Phishing scam alert

As an online job seeker, you could be a target of cyber (online) thieves seeking to secure personal information from you by sending you “phishing” messages.

Please be alert to and protect yourself from phishing scams. Find out how you can avoid being a victim of job phishing scams.
