Senior Application Security Penetration Tester (Remote)

Company Description

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, and eye care, as well as products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at [website]. Connect with us on X, Facebook, Instagram, YouTube, LinkedIn, and TikTok.

Job Description

AbbVie Information Security is seeking a highly motivated, diligent, and skilled analyst to join the Attack Surface Management (ASM) team. Our Application Security team protects our patients, data, and brand by identifying vulnerabilities and threats, and working to remediate security risks. Application Security is part of the ASM within the Cyber Security Operations (CSO) function. Join us as a Senior Security Specialist, Application Security, to support efforts in reducing AbbVie's attack surface and enabling our business to make a significant impact on lives.

This position can be based virtually anywhere in the U.S.

The Senior Security Specialist is a key member of the Application Security team, collaborating with internal and external groups to identify and remediate information security risks across all application environments.

The ideal candidate will have experience leading manual web and mobile application security penetration tests within an enterprise environment and working with stakeholders to discuss vulnerabilities and remediation strategies.

Responsibilities

1. Stay informed on the latest critical vulnerabilities, threats, and exploits.
2. Support enterprise-wide initiatives to secure critical assets by assessing web and mobile applications and collaborating with stakeholders on remediation.
3. Provide guidance on emerging threats in web and mobile application security relevant to AbbVie.
4. Conduct security reviews throughout the development lifecycle, including:

• Security assessments for web and mobile applications
• Dynamic Application Security Testing (DAST) and penetration testing
• Auditing assessment results and planning remediation
• Retesting to verify fixes

Qualifications

1. Bachelor's Degree with 6+ years of experience, or Master’s with 5+ years, or PhD with no experience required.
2. Deep understanding of web application vulnerabilities and business logic flaws.
3. Knowledge of application architectures, including web and mobile technologies, encryption, and identity management.
4. Hands-on experience with manual vulnerability testing and static code analysis.
5. Experience with tools like Kali Linux, Burp Suite, OWASP ZAP, or similar.
6. Understanding of security controls and standards such as OWASP Top 10, SANS 25, NIST, CVE.
7. Excellent written and verbal communication skills.
8. Certifications like OSCP, OSWE, or ECSA are advantageous.

Additional Information

• The compensation range is based on geographic location, experience, and other factors. The company may pay more or less than the posted range.
• Comprehensive benefits include paid time off, health insurance, and 401(k).
• This role may participate in incentive programs.
• All pay amounts are considered earned only when vested and payable.
• AbbVie is an equal opportunity employer, committed to diversity and inclusion.
• For US & Puerto Rico applicants, additional details are available regarding accommodations and legal notices.