Director - Application Security Remote
Director - Application Security Remote
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Provide strategic direction and leadership for the enterprise application security program partnering with development teams across the organization to embed security throughout the software development lifecycle and lead the march to shift security further left within AbbVie. Drive maturation of existing application security capabilities while building and scaling new functions including product security DevSecOps API security and software supply chain security developer training. Lead multiple security teams to deliver a comprehensive application security program that enables secure rapid development through automation developer enablement and security integration.
This position can be remote anywhere in the U.S.
Key Responsibilities:
- Accountability and ownership of the Application Security program including both strategy and ongoing operations.
- Build and maintain relationship with business and businessfocused IT partners to gain support for and drive success to application security programs and processes.
- Build develop and execute on scalable and secure practices for the AbbVie App Sec program
- Oversee application security capabilities following a shift left methodology to best integrate security throughout all phases of the SDLC
- Influence roadmaps and decisions of partner teams to promote application security
- Develop an application security framework encompassing all aspects of application security including vulnerability management threat modeling data protection security logging/monitoring secrets management software supply chain security DevSecOps integration secure code training security review & testing and compliance.
- Lead and develop multiple application security teams focusing on:
- Development standards & SDLC integration
- DevSecOps Program
- Application Security / DevSecOps operations & engineering
- Product security
- Software supply chain and secrets management
- API & container security
- Build and scale developerfocused security programs including:
- Developer certification and training programs
- Secure code bootcamps
- AppSec champions programs
- Selfservice security tooling
- Design and implement custom security tooling to ensure development teams have the best possible customer experience when interacting with Application Security.
Qualifications :
- Bachelors Degree and 10 years of experience OR Masters Degree and 9 years experience OR PhD and 5 years of experience
- Understanding of software development programming languages the software development life cycle and common security coding vulnerabilities (eg OWASP Top 10.
- 10 years of information security experience including:
- Minimum 5 years handson software development
- Minimum 5 years leading application security or security architecture programs
- Experience maintaining and implementing SDLC at the enterprise level
- Experience developing enterprise level security policies and standards with focus on application security
- Experience partnering with the business supporting IT teams to design and implement security applications
- Direct experience building developer security training programs
- Direct experience working with business partners to secure business product that are used by large customer bases (e.g. used by millions of customers).
- Demonstrated experience leading teams within information technology
- Experience implementing and maintaining:
- API security controls and gateways
- Container security platforms
- Secrets management solutions
- Software composition analysis (SCA) tools
- Security automation in CI/CD pipelines
- Developer selfservice security tools
- Supply chain security controls
- Proven experience in managing 3rd party risks from both a strategic and operations perspective.
- Proven track record implementing:
- Direct experience with code review web application security assessments and security architecture
- Experience integrating security into Agile/DevOps practices
- Strong interpersonal skills ability to successfully adapt to changing requirements.
- Proven ability to lead and develop an organization specifically through change and transformation.
- Must be comfortable with ambiguity; strong writing and verbal communication skills problem solving and creative thinking skills and ability to work effectively with conceptual structures outlines and models.
- Ability to interact with and influence at all levels of management across divisions and functions.
Additional Information :
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation holidays sick) medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our shortterm incentive programs.
This job is eligible to participate in our longterm incentive programs
Note: No amount of pay is considered to be wages or compensation until such amount is earned vested and determinable. The amount and availability of any bonus commission incentive benefits or any other form of compensation and benefits that are allocable to a particular employee remains in the Companys sole and absolute discretion unless and until paid and may be modified at the Companys sole and absolute discretion consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity driving innovation transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
US & Puerto Rico only to learn more visit & Puerto Rico applicants seeking a reasonable accommodation click here to learn more:
Yes
Employment Type :
Fulltime
Employment Type
Remote
