Senior Application Security Penetration Tester (Remote)

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas: immunology, oncology, neuroscience, and eye care, along with products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at our website and follow us on X, Facebook, Instagram, YouTube, LinkedIn, and TikTok.

AbbVie Information Security is seeking a highly motivated, diligent, and skilled analyst to join the Attack Surface Management (ASM) team. Our Application Security team protects AbbVie's patients, data, and brand by identifying vulnerabilities and threats, and working to remediate identified security risks. Application Security is a part of ASM within the broader Cyber Security Operations (CSO) function. Join us as a Senior Security Specialist, Application Security, to support and enhance our efforts to identify and reduce AbbVie's attack surface, enabling our business to continue making a remarkable impact on people's lives.

This position can be based virtually anywhere in the U.S.

The Senior Security Specialist is a key member of the Application Security team, working with internal and external groups to identify and remediate information security risks across all AbbVie application environments.

The ideal candidate must have prior experience leading manual web and mobile application security penetration tests within an enterprise environment, and collaborating with application stakeholders to discuss vulnerabilities and remediation strategies.

• Stay informed about the latest critical security vulnerabilities, threats, and exploits.
• Support enterprise-wide initiatives to secure AbbVie's critical assets by performing comprehensive assessments of web and mobile applications, and collaborating with key stakeholders for remediation.
• Provide guidance on emerging threats in web and mobile application security, tailored to the AbbVie environment.
• Conduct security reviews throughout the application development lifecycle, including:
• Security assessments for web and mobile applications
• Dynamic (DAST) testing and source code penetration testing
• Auditing assessment results and proposing remediation plans
• Retesting to verify vulnerability fixes
• Review deliverables from third-party providers and application security analysts for accuracy and completeness.
• Communicate complex security concepts to diverse audiences, including developers, architects, and managers.
• Participate in managing AbbVie's bug bounty program, validating and triaging vulnerabilities, and working with application owners for remediation.
• Train staff on application security best practices and remediation techniques.
• Identify and promote secure software development practices.
• Suggest improvements to tools, standards, and processes; contribute to policy development and the global application risk strategy.

• Bachelor's Degree with 6 years of experience, or Master's Degree with 5 years, or PhD with no experience required.
• Deep understanding of web application vulnerabilities, business logic flaws, and associated threats.
• Strong knowledge of application architectures, including web and mobile technologies, data encryption, and identity/access management.
• Proven experience with manual vulnerability testing and static code analysis.
• Experience with tools like Kali Linux and its utilities.
• Hands-on experience with manual testing tools such as Burp Suite, OWASP ZAP, or similar.
• Understanding of security controls like Authentication, Authorization, Cryptography, and Network Protocols, and familiarity with standards like OWASP Top 10, SANS 25, NIST, and CVE.
• Excellent written and verbal communication skills, capable of explaining technical concepts to varied audiences.
• Certifications such as OSCP, OSWE, or ECSA are advantageous.

This section details pay ranges, benefits, and legal notices related to employment in specific states or regions, emphasizing the company's commitment to equal opportunity and inclusive hiring practices.