Senior DevSecOps Engineer (Remote)
Senior DevSecOps Engineer (Remote)
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Become a key player in our Information Security team as a Senior DevSecOps Engineer where you will leverage your expertise in application security security engineering and software development to support and enhance our inline code testing and reporting processes. This role involves the implementation and administration of application security tooling integration into CI/CD pipelines and providing support for development teams using these products and consuming their findings.
This position can be virtual anywhere in the U.S.
Responsibilities
- Implementing and maintaining Application Security Testing (AST) tools (SAST DAST IAST SCA etc.) to identify code and dependency vulnerabilities during the software development lifecycle.
- Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize and deduplicate findings from multiple solutions and integrate into software development processes.
- Acting as the first line of support for users by helping resolve false positives providing guidance on finding remediation and evaluating security exception requests.
- Integrating security tooling with Continuous Integration/Continuous Deployment (CICD) pipelines.
- Developing detailed reports on security findings and remediation efforts.
- Demonstrate high proficiency across a wide range of technologies and platforms related to application security software design and development containerization and cloud environments.
Qualifications :
Required:
- Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience
- 4 years of experience in application security and software development.
- 2 years of experience implementing administering and supporting application security tooling such as SAST/DAST/IAST/SCA
- Strong knowledge of secure coding practices across multiple programming languages (esp. Java )
- Experience integrating security testing into CICD pipelines via solutions such as GitHub Actions and Azure DevOps
- Strong knowledge of application security principles along with common vulnerabilities (e.g. OWASP Top 10 CWE etc.) and associated mitigations
- Experience supporting developers with assessing and mitigating application security test findings
- Experience implementing DevSecOps workflows in cloud environments such as AWS and Azure
- Experience developing Infrastructure As Code (IAC) via solutions such as TerraForm and/or CloudFormation
- Ability to effectively communicate technical findings to both technical and non-technical stakeholders
Preferred:
- Experience implementing tooling to consolidate application security test findings from multiple sources to facilitate developer engagement and integrate with development workflows and tracking systems.
- Experience administering Snyk and Endor Labs
- Experience integrating Cloud Security Posture Management (CSPM) tooling with application security pipelines
- Experience with Kubernetes security and best practices
- Experience automating workflows via programming languages such as Python
- Experience collaborating with vulnerability and risk management partners to interface with risk management and acceptance processes
- Experience developing and/or deploying training for software engineers around DevSecOps tooling secure development standards and application security fundamentals
- Experience developing DevSecOps policies and standards
Additional Information :
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation holidays sick) medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our short-term incentive programs.
This job is eligible to participate in our long-term incentive programs
Note: No amount of pay is considered to be wages or compensation until such amount is earned vested and determinable. The amount and availability of any bonus commission incentive benefits or any other form of compensation and benefits that are allocable to a particular employee remains in the Companys sole and absolute discretion unless and until paid and may be modified at the Companys sole and absolute discretion consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity driving innovation transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
US & Puerto Rico only - to learn more visit & Puerto Rico applicants seeking a reasonable accommodation click here to learn more:
Yes
Employment Type :
Full-time
Employment Type
Remote
