Application Security Analyst

About AbbVie
AbbVie's mission is to discover and deliver innovative medicines that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, eye care, virology, women's health and gastroenterology, in addition to products and services across its Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com . Follow @abbvie on Twitter , Facebook , Instagram , YouTube and LinkedIn .

Position Description

The Application Security Analyst is a key member of the Vulnerability Management team and works with internal and external groups to identify and drive remediation of information security risks across all AbbVie web application environments. The Application Security Analyst will

• Maintains awareness of the latest critical information security vulnerabilities, threats, and exploits
• Provide guidance on existing and emerging threats in the web and mobile application space, as they apply within the AbbVie environment
• Assist in conducting and facilitating security reviews, as directed by senior team members, throughout the application development lifecycle, including tasks such as:
• Performing, and improving security assessments for AbbVie applications across the enterprise
• Static (SAST) & Dynamic (DAST) Application Security Testing and/or penetration testing of applications and source code, auditing results with development and/or security teams and offering plans for remediation of vulnerabilities
• Communicating technical application security concepts to customers, including developers, architects, and managers
• Training customer staff on application security and remediation of application security code defects
• Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Application Risk program on a global basis

Qualifications

• Bachelors Degree with 5 years of experience
• Atleast 2 years of direct enterprise level software development experience in any of the following:

• • Java/JSP
  • .Net Framework (C#, VB, ASP)
  • Web Applications (N-Tier)
  • Mobile / Application Services
  • 1-2 years of direct application security and/or security developer experience
  • Demonstrate knowledge of web application vulnerabilities and web application business logic flaws and threats
  • Demonstrate understanding of application architectures and technology; including web applications, mobile technology, data encryption, and identity and access management.
  • Hands-on Experience with manual vulnerability testing and static code analysis is strongly desired.
  • Experience with Tools such as Veracode, HP Fortify SCA, IBM AppScan and manual tools such as Burp Suite, ZAP Proxy, Dirbuster, Nikto, metasploit, SOAPUI and other open source security tools
  • Candidate must have an understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols along with security standards: OWASP Top 10, SANS 25, NIST, and CVE
  • Written and verbal communication skills are critical
  • Adept at communicating concepts to diverse audiences with varying skill sets
  • Certification such as OSCP, OSWE or ECSA is a plus

Significant Work Activities
Continuous sitting for prolonged periods (more than 2 consecutive hours in an 8 hour day)
Travel
No
Job Type
Experienced
Schedule
Full-time
Job Level Code
IC
Equal Employment Opportunity
At AbbVie, we value bringing together individuals from diverse backgrounds to develop new and innovative solutions for patients. As an equal opportunity employer we do not discriminate on the basis of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information gender identity or expression, sexual orientation, marital status, protected veteran status, or any other legally protected characteristic.