Senior Application Security Penetration Tester (Remote)

Join to apply for the Senior Application Security Penetration Tester (Remote) role at AbbVie.

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn, and TikTok.

Job Description

AbbVie Information Security is looking for a highly motivated, diligent, and skilled analyst to join the Attack Surface Management (ASM) team. The Application Security team protects AbbVie's patients, data, and brand by identifying vulnerabilities and threats, and working to remediate security risks. As a Senior Security Specialist in Application Security, you will support efforts to identify and reduce AbbVie's attack surface and help our business continue to make a remarkable impact.

This position can be based virtually anywhere in the U.S.

The Senior Security Specialist works with internal and external groups to identify and drive remediation of information security risks across all application environments.

The ideal candidate must have experience leading manual web and mobile application security penetration tests within an enterprise environment and collaborating with stakeholders on vulnerabilities and remediation strategies.

Responsibilities

1. Maintain awareness of the latest critical information security vulnerabilities, threats, and exploits.
2. Support enterprise-wide initiatives to secure critical assets by performing assessments of web and mobile applications and collaborating with stakeholders for risk remediation.
3. Provide guidance on emerging threats in web and mobile application security.
4. Conduct application security reviews throughout the development lifecycle, including:

• Security assessments for web and mobile apps
• Dynamic (DAST) testing and source code penetration testing
• Auditing assessment results and planning remediations
• Retesting vulnerabilities post-remediation

Qualifications

• Bachelor's Degree with 6 years of experience, or Master's Degree with 5 years, or PhD with no experience required.
• Deep knowledge of web application vulnerabilities, business logic flaws, and threats.
• Strong understanding of application architectures and technologies, including web, mobile, encryption, and identity management.
• Extensive hands-on experience with manual vulnerability testing and static code analysis.
• Proficiency with tools like Kali Linux, Burp Suite, OWASP ZAP, or similar.
• Understanding of security controls and standards such as OWASP Top 10, SANS 25, NIST, CVE.
• Excellent written and verbal communication skills.
• Certifications such as OSCP, OSWE, or ECSA are advantageous.

Additional Information

Details about pay ranges, benefits, and equal opportunity employment policies are included, emphasizing AbbVie's commitment to diversity and inclusion.