Skip to main content

Search jobs

Search jobs

About AbbVie

AbbVie’s mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people’s lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women’s health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.

Senior Security Analyst, Incident Response

Lake County, Illinois Req ID 2202073 Category Information Technology Division AbbVie

AbbVie Information Security is looking for a highly motivated, diligent, and skillful defender to join the Cyber Security Incident Response Team (CSIRT). The CSIRT, working within the Cyber Security Operations (CSO) function, is responsible for responding, investigating, containing, eradicating, and remediating security incidents. 

Join us as a Senior Security Analyst, Incident Response to support and improve our efforts to defend against adversaries and help our business continue to have remarkable impacts on people’s lives.

This highly technical role will be primarily responsible for responding to cyber security incidents escalated by the Cyber Security Operations Center (CSOC); driving containment, eradication, and recovery efforts; assisting in improving AbbVie’s threat detection capabilities; investigating ad-hoc cases; conducting threat hunts; and being a major contributor during critical cyber security incidents.

The ideal candidate must have prior experience with performing cyber security investigations, including performing triage and analyzing large data sets, as well as in depth knowledge of the latest threats, tactics, and techniques used by adversaries – and how to identify them.


  • Act as a Tier 3 escalation point for cyber security incidents at AbbVie, executing response plans and coordinating activity as needed
  • Identify process improvement opportunities and develop subsequent plans of action to resolve gaps with minimal management intervention or direction
  • Interpret and summarize technical information for presentation to non-technical business contacts (i.e. executive incident summaries)
  • Develop, integrate, improve cyber security incident response “playbooks” and documentation for the team
  • Identify capability gaps and assist in developing those capabilities or implementing technology as needed
  • Examine log, system, and malware data to assess incident scope and impact
  • Prepare formal reports on incident findings
  • Drive improvements in cyber security incident detection
  • Drive improvements in cyber security incident response automation capabilities
  • Act as a first responder for cyber security incidents during normal business/off-hours and on-call
  • Participate and conduct threat hunts as needed
  • Act as Incident Commander for Priority 3 incidents, and Priority 2 incidents as required

Basic Qualifications

  • Bachelors Degree with 6 years of experience or Masters with 5 years or Phd or equivalent total experience
  • Demonstrated competency in log analysis or investigative activities in roles such as incident response, threat intelligence, security testing, or threat/vulnerability response.
  • Knowledgeable on multiple technologies and systems that support CSOC and CSIRT services (e.g. SOAR, SIEM, IPS/IDS, EDR, etc.)
  • Expert level understanding of incident response terminology and methodologies
  • Advanced level understanding of Windows OS artifacts, TCP/IP networking, malware behaviors
  • Familiarity with ITIL concepts and services
  • Ability to author clear and concise incident reports
  • Ability to successfully, professionally, and respectfully interact with non-technical in-business contacts
  • Ability to work independently without direction for day-to-day activities
  • Willingness to be available, as needed, for major and critical incident response activities during off-hours; and be on-call as required
  • Capable of learning new concepts and processes quickly, and adapting to a constantly changing environment

Desired Qualifications

  • Prior experience participating in major/critical or complicated cyber security incidents
  • Experience with incident response methodologies within enterprise cloud environments
  • Experience analyzing and pivoting on large sets of data, with the ability to identify patterns, anomalies, and outliers
  • Familiarity with digital forensics concepts and tools, malware reversal concepts and techniques, and data loss and data protection concepts and processes
  • Familiarity with various scripting languages (e.g. PowerShell, Python, JavaScript)
  • Certifications consisting of any of the following: GIAC Forensic Examiner (GCFE), GIAC Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Network Forensic Analyst (GNFA), GIAC Advanced Smartphone Forensics (GASF)
Significant Work Activities: Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Travel: Yes, 5 % of the Time
Job Type: Experienced
Schedule: Full-time

Most recent jobs

Sign up for job alerts

Join our talent network and receive AbbVie news and job alerts to your inbox.

Interested InPlease select a category or location option. Click “Add” to create your job alert.

  • Information Technology, Lake County, Illinois, United StatesRemove

Our Terms of Use, Cookie Policy and Privacy Policy explain how we collect and use information about you and the rights you have. By submitting your information, you acknowledge you have read those documents and consent to receive SMS communications and email jobs alerts from AbbVie.

Recently viewed jobs

You have not viewed any jobs recently.

Phishing scam alert

As an online job seeker, you could be a target of cyber (online) thieves seeking to secure personal information from you by sending you “phishing” messages.

Please be alert to and protect yourself from phishing scams. Find out how you can avoid being a victim of job phishing scams.

For Internal Candidates only - Notice of Filing of Labor Condition Application

Equal Employment Opportunity | Reasonable Accommodation