Senior Application Security Penetration Tester - Remote

Overview

AbbVie Information Security is looking for a highly motivated, diligent, and skillful analyst to join the Attack Surface Management (ASM) team. AbbVie’s Application Security team protects AbbVie’s patients, data, and brand by identifying vulnerabilities and threats to our organization and working to drive remediation of identified security risks. Application Security is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Senior Security Specialist, Application Security to support and improve our efforts to identify and reduce AbbVie’s attack surface and help our business continue to have remarkable impacts on people’s lives.

In Short

• Maintain awareness of the latest critical information security vulnerabilities, threats, and exploits.
• Support the enterprise-wide initiative to secure AbbVie’s most critical assets by performing thorough assessments of web and mobile applications.
• Provide guidance on existing and emerging threats in the web and mobile application space.
• Perform application security reviews throughout the application development lifecycle.
• Review deliverables from third-party service providers and other Application Security Analysts.
• Communicate technical application security concepts to customers.
• Participate in the management of AbbVie’s bug bounty program.
• Train customer staff on application security and remediation of application security code defects.
• Identify enhancements to tools, standards and processes.
• Contribute to the implementation and refinement of the strategy for the Application Risk program.

Requirements

• Bachelors Degree and 6 years experience OR Masters Degree and 5 years experience OR PhD and 0 years experience.
• Advanced knowledge of web application vulnerabilities and business logic flaws.
• Advanced understanding of application architectures and technologies.
• Advanced, hands-on experience with manual vulnerability testing and static code analysis.
• Experience with tools including Kali Linux and Burp Suite.
• Understanding of security controls and security standards.
• Strong written and verbal communication skills.
• Ability to communicate concepts to diverse audiences.
• Certifications such as OSCP, OSWE or ECSA are a plus.

Benefits

• Comprehensive package of benefits including paid time off.
• Medical/dental/vision insurance.
• 401(k) participation for eligible employees.
• Opportunity to participate in short-term incentive programs.