Skip to main content

Search jobs

Search jobs

About AbbVie

AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.

Senior Security Analyst, Application Security

Lake County, Illinois Req ID 2208565 Category Information Technology Division AbbVie

AbbVie Information Security is looking for a highly motivated, diligent, and skillful analyst to join the Attack Surface Management (ASM) team. AbbVie’s Application Security team protects AbbVie’s patients, data, and brand by identifying vulnerabilities and threats to our organization and working to drive remediation of identified security risks. Application Security is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Senior Security Analyst, Application Security, to support and improve our efforts to identify and reduce AbbVie’s attack surface and help our business continue to have remarkable impacts on people’s lives.

The Senior Security Analyst is a key member of the Application Security team and works with internal and external groups to identify and drive remediation of information security risks across all AbbVie application environments. The ideal candidate must have prior experience leading manual web and mobile application security penetration tests within an enterprise environment and working with application stakeholders to discuss vulnerabilities and remediation options.

Responsibilities:

  • Maintain awareness of the latest critical information security vulnerabilities, threats, and exploits
  • Provide guidance on existing and emerging threats in the web and mobile application space as they apply within the AbbVie environment
  • Perform application security reviews throughout the application development lifecycle, including tasks such as:
    • Performing security assessments for AbbVie web and mobile applications across the enterprise
    • Static (SAST) & Dynamic (DAST) application security testing and/or penetration testing of applications and source code
    • Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
  • Communicate technical application security concepts to customers, including developers, architects, and managers
  • Participate in the management of AbbVie’s bug bounty program, working to validate and triage reported vulnerabilities and work with application owners to ensure valid findings are remediated
  • Train customer staff on application security and remediation of application security code defects
  • Identify and develop secure software development best practices
  • Identify enhancements to tools, standards, and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Application Risk program on a global basis
  • Guide and mentor other members of the application security team, which involves troubleshooting testing related issues, knowledge sharing, and help with testing related activities
  • Experience with testing and exploitation of applications using cloud technologies such as AWS, Azure, GCP
Qualifications:

 

  • Demonstrated advanced knowledge of web application vulnerabilities and web application business logic flaws and threats
  • Demonstrated advanced understanding of application architectures and technologies, including web applications, mobile technology, data encryption, and identity and access management.
  • Advanced hands-on experience with manual vulnerability testing and static code analysis
  • Advanced experience with tools including, but not limited to, Kali Linux platform and built-in tools, Burp Suite, and OWASP ZAP
  • Strong Hands-On experience with testing and exploitation of iOS and Android applications, which includes static, dynamic analysis and reversing of the apps.
  • Experience with at least one of the Scripting languages (python, PowerShell, bash, etc.) and automation
  • In-depth understanding, testing and exploitation of Web APIs and related components
  • Candidate must have an advanced understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols along with security standards: OWASP Top 10, SANS 25, NIST, and CVE
  • Written and verbal communication skills are critical
  • Adept at communicating concepts to diverse audiences with varying skill sets.
  • Certification such as OSCP, OSWE, GWAPT, or GPEN is a plus
  • in a specialized information security role
Significant Work Activities: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Travel: No
Job Type: Experienced
Schedule: Full-time
ABBVIE

Most recent jobs

Sign up for job alerts

Join our talent network and receive AbbVie news and job alerts to your inbox.

Interested InPlease select a category or location option. Click “Add” to create your job alert.

  • Information Technology, Lake County, Illinois, United StatesRemove

Our Terms of Use, Cookie Policy and Privacy Policy explain how we collect and use information about you and the rights you have. By submitting your information, you acknowledge you have read those documents and consent to receive SMS communications and email jobs alerts from AbbVie.

Recently viewed jobs

You have not viewed any jobs recently.

Phishing scam alert

As an online job seeker, you could be a target of cyber (online) thieves seeking to secure personal information from you by sending you “phishing” messages.

Please be alert to and protect yourself from phishing scams. Find out how you can avoid being a victim of job phishing scams.

For Internal Candidates only - Notice of Filing of Labor Condition Application

Equal Employment Opportunity | Reasonable Accommodation