Senior Application Security Analyst
AbbVie's mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women's health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com . Follow @abbvie on Twitter , Facebook , Instagram , YouTube and LinkedIn .
- This position is virtual and can work from any place within the United States
- The Application Security Analyst is a key member of the Application Security team and works with internal and external groups to identify and drive remediation of information security risks across all AbbVie application environments.
- The Application Security Analyst will maintain awareness of the latest critical information security vulnerabilities, threats, and exploits
- Provide guidance on existing and emerging threats in the web and mobile application space, as they apply within the AbbVie environment
- Perform application security reviews, as directed by senior team members, throughout the application development lifecycle, including tasks such as:
- Performing security assessments for AbbVie applications across the enterprise
- Static (SAST) & Dynamic (DAST) application security testing and/or penetration testing of applications and source code
- Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
- Communicating technical application security concepts to customers, including developers, architects, and managers
- Participate in the management of AbbVie's bug bounty program, working to validate and triage reported vulnerabilities and work with application owners to ensure valid findings are remediated
- Training customer staff on application security and remediation of application security code defects
- Identifying and development of secure software development best practices
- Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Application Risk program on a global basis
• Bachelors Degree
. 1-2 years of direct enterprise level software development experience in any of the following: • Java/JSP • .Net Framework (C#, VB, ASP) • Web Applications (N-Tier) • Mobile / Application Services
• 3-5 years of direct application security and/or security developer experience
• Demonstrate knowledge of web application vulnerabilities and web application business logic flaws and threats
• Demonstrate understanding of application architectures and technology; including web applications, mobile technology, data encryption, and identity and access management.
• Hands-on Experience with manual vulnerability testing and static code analysis is strongly desired.
• Experience with Tools such as HP Web Inspect, HP Fortify SCA, IBM AppScan and manual tools such as Burp Suite, ZAP Proxy, Dirbuster, Nikto, metasploit, SOAPUI and other open source security tools
• Candidate must have an understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols along with security standards: OWASP Top 10, SANS 25, NIST, and CVE
• Written and verbal communication skills are critical
• Adept at communicating concepts to diverse audiences with varying skill sets.
• Certification such as OSCP, OSWE or ECSA is a plus
Significant Work Activities
Job Level Code
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.