Senior Security Analyst - Vulnerability Management - Remote

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.

AbbVie Information Security is looking for a highly motivated, diligent, and skilled analyst to join the Attack Surface Management (ASM) team.  AbbVie’s Vulnerability Management team protects AbbVie’s patients, data, and brand by identifying vulnerabilities and threats to our organization and working to drive remediation of identified security risks. Vulnerability Management is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Senior Security Analyst, Vulnerability Management to support and improve our efforts to identify and reduce AbbVie’s attack surface and help our business continue to have remarkable impacts on people’s lives.

The Senior Security Analyst is a key member of the Vulnerability Management team and works with internal and external groups to identify and drive remediation of information security risks. The ideal candidate will have prior experience analyzing vulnerabilities to determine applicability and impact, reporting vulnerability and risk information to senior leadership, and leading prioritization and remediation strategies in an enterprise environment.

In this role, you’ll be responsible for:

• Maintaining awareness of critical vulnerabilities or emerging threats that may impact AbbVie
• Leading efforts to drive vulnerability remediation, reducing the time it takes to remediate, especially for critical risks
• Contribute to triaging external exposures using a risk-based approach
• Analyzing large data sets to understand risks and trends and improve processes related to communication of vulnerabilities and actionable results to key stakeholders
• Providing leadership and direction to other members of the Vulnerability Management team
• Communicating technical security concepts to customers, including engineers, architects, and managers to help our business units understand risk and remediation strategies
• Creating, modifying, and maturing vulnerability management reports and metrics to drive remediation of vulnerabilities throughout the AbbVie environment
• Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Attack Surface Management program on a global basis

Tools and skills you will use in this role:

• Vulnerability management solutions (Rapid 7, Qualys, Tenable, etc.)
• Cloud security posture management (CSPM) tools (Prisma, Wiz, Orca, etc.)
• Security information & event management (SIEM) tools (Chronicle, Splunk, ELK, etc.)
• Attack surface management solutions (Falcon, Tenable, Shodan, Censys, etc.)

Experiences that make you a strong candidate for this role:

• Minimum of 8 year's Information Security experience or equivalent experience in Information Risk Management.
• Candidate is able to work remotely from any location in the United States.
• A proven track record of at least 3 years in an operational role, demonstrating the ability to translate technical insights into actionable strategies.
• Demonstrated experience in leading vulnerability remediation efforts, showcasing the ability to drive initiatives that significantly reduce the time to remediate, especially for critical risks
• Advanced understanding of vulnerability management strategies, standards, procedures, and technologies across infrastructure- and application-level vulnerabilities
• Ability to work both independently without direction and within a group for day-to-day activities
• A sincere desire to learn, grow, and go beyond personal capabilities, staying abreast of the latest developments in the cybersecurity landscape
• Solid understanding of cloud-based hosting platforms, with background on security threats deriving from Azure and AWS and GCP hosted services being preferred
• Experience with data analytics with large datasets
• Experience in reporting metrics and key performance indicators to senior leadership
• Excellent written and verbal communication and listening skills, with the ability to effectively convey technical insights to technical and non-technical stakeholders

If you believe you’re a great fit for this job but don’t have all of the experiences listed above, we encourage you to apply anyway!

Why Business Technology Solutions

For anyone who wants to use technology and data to make a difference in people’s lives, shape the digital transformation of a leading biopharmaceutical company, and secure sustainable career growth within a diverse, global team: we’re ready for you.

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law: 

• The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
  • Pay Range: $83,000 - $157,000
• We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
• This job is eligible to participate in our short-term incentive programs. 

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law. 

AbbVie is committed to operating with integrity, driving innovation, transforming lives, serving our community and embracing diversity and inclusion.  It is AbbVie’s policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, status as a protected veteran, or any other legally protected group status.