Principal DevSecOps Engineer (Remote)

Join to apply for the Principal DevSecOps Engineer (Remote) role at BioSpace

6 days ago Be among the first 25 applicants

Get AI-powered advice on this job and more exclusive features.

Company Description
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, and eye care, including products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn, and TikTok.

Job Description
Become a key player in our Information Security team as a Principal DevSecOps Engineer. You will leverage your expertise in application security, security engineering, and software development to support and enhance our inline code testing and reporting processes. This role involves implementing and administering application security tooling, integrating into CI/CD pipelines, and supporting development teams using these products and their findings.

This position can be virtual anywhere in the U.S.

1. Implement and maintain Application Security Testing (AST) tools (SAST, DAST, IAST, SCA, etc.) to identify vulnerabilities during the software development lifecycle.
2. Implement and maintain Application Security Posture Management (ASPM) tools to centralize findings and integrate into development processes.
3. Support users by resolving false positives, guiding on remediation, and evaluating security exceptions.
4. Integrate security tooling with CI/CD pipelines.
5. Develop reports on security findings and remediation efforts.
6. Demonstrate proficiency across technologies related to application security, software design, containerization, and cloud environments.

Required:

• Bachelor's Degree and 8 years experience OR Master's Degree and 7 years experience OR PhD and 3 years experience
• 5+ years in application security and software development
• 3+ years supporting application security tooling such as SAST/DAST/IAST/SCA
• Knowledge of secure coding practices, especially in Java and Node.js
• Experience with CI/CD security testing integration
• Understanding of vulnerabilities like OWASP Top 10, CWE, etc.
• Experience with DevSecOps practices in cloud environments (AWS, Azure)
• Developing Infrastructure as Code using TerraForm and/or CloudFormation
• Strong communication skills for technical and non-technical audiences
• Ability to innovate and support junior engineers

Preferred:

• Tooling for consolidating security findings
• Experience with Snyk and Endor Labs
• Cloud Security Posture Management integration
• Scripting in Python
• Pipeline logging and insights
• Collaboration with risk management teams

Details on pay, benefits, and legal disclosures are provided in the original description. The role is open to applicants in locations with pay disclosure laws, and the salary range is indicative, subject to change based on location and other factors.

AbbVie is an equal opportunity employer. For more info, visit here. Applicants seeking accommodations can find details here.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Engineering and Information Technology
• Industries: Internet News