Senior Application Security Penetration Tester Remote

Job Location

Washington D.C., DC - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

AbbVie Information Security is looking for a highly motivated, diligent, and skillful analyst to join the Attack Surface Management (ASM) team. AbbVie's Application Security team protects AbbVie's patients, data, and brand by identifying vulnerabilities and threats to our organization and working to drive remediation of identified security risks. Application Security is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Senior Security Specialist, Application Security, to support and improve our efforts to identify and reduce AbbVie's attack surface and help our business continue to have remarkable impacts on people's lives.

This position can be based virtually anywhere in the U.S.

The Senior Security Specialist is a key member of the Application Security team and works with internal and external groups to identify and drive remediation of information security risks across all AbbVie application environments.

The ideal candidate must have prior experience leading manual web and mobile application security penetration tests within an enterprise environment and working with application stakeholders to discuss vulnerabilities and remediation options.

Responsibilities

  • Maintaining awareness of the latest critical information security vulnerabilities, threats, and exploits
  • Supporting the enterprise-wide initiative to secure AbbVie's most critical assets by performing thorough assessments of web and mobile applications and working with key stakeholders to drive remediation of identified risks
  • Providing guidance on existing and emerging threats in the web and mobile application space as they apply within the AbbVie environment
  • Performing application security reviews throughout the application development lifecycle including tasks such as:
    • Performing security assessments for AbbVie web and mobile applications across the enterprise
    • Dynamic (DAST) application security testing and/or penetration testing of applications and source code
    • Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
    • Retesting remediation of identified vulnerabilities to confirm the efficacy of fixes
  • Reviewing deliverables from third-party service providers and other Application Security Analysts to ensure completeness and accuracy
  • Communicating technical application security concepts to customers, including developers, architects, and managers
  • Participating in the management of AbbVie's bug bounty program, working to validate and triage reported vulnerabilities, and working with application owners to ensure valid findings are remediated
  • Training customer staff on application security and remediation of application security code defects
  • Identifying and developing secure software development best practices
  • Identifying enhancements to tools, standards, and processes; providing input into policies and procedures and contributing to the implementation and refinement of the strategy for the Application Risk program on a global basis

Qualifications:

  • Bachelor's Degree and 6 years' experience OR Master's Degree and 5 years' experience OR PhD and 0 years' experience
  • Advanced knowledge of web application vulnerabilities and web application business logic flaws and threats
  • Advanced understanding of application architectures and technologies, including web applications, mobile technology, data encryption, and identity and access management
  • Advanced hands-on experience with manual vulnerability testing and static code analysis
  • Advanced experience with tools including, but not limited to, the Kali Linux platform and its built-in tools
  • Advanced experience performing manual testing with Burp Suite, OWASP ZAP, or similar tools
  • Advanced understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols, along with security standards: OWASP Top 10, SANS 25, NIST, and CVE
  • Written and verbal communication skills are critical
  • Communicating concepts to diverse audiences with varying skill sets
  • Certifications such as OSCP, OSWE, or ECSA are a plus


Additional Information:

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law: 

  • The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting, based on the job grade for this position. Individual compensation paid within this range will depend on many factors, including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.

  • We offer a comprehensive package of benefits, including paid time off (vacation, holidays, sick), medical/dental/vision insurance, and 401(k), to eligible employees.

  • This job is eligible to participate in our short-term incentive programs.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company's sole and absolute discretion, consistent with applicable law.

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives, and serving our community. Equal Opportunity Employer/Veterans/Disabled.

US & Puerto Rico only to learn more visit  & Puerto Rico applicants seeking a reasonable accommodation click here to learn more:

Work :

Yes


Employment Type:

Full-time

Employment Type

Remote
