Principal Red Team Operator, Penetration Tester

Summary

Join AbbVie's Information Security team as a Principal Red Team Operator! This virtual position, open anywhere in the U.S., involves leading adversarial exercises against AbbVie's networks and systems. You will plan, develop, and execute penetration tests, communicate risks to stakeholders, and recommend remediation plans. The ideal candidate possesses extensive experience in penetration testing within a large enterprise environment and strong communication skills. This role offers the opportunity to mentor junior team members and contribute to AbbVie's overall security strategy. AbbVie is committed to protecting its patients, data, and brand, and this role is crucial in achieving that goal.

Requirements

• Bachelors Degree and 8 years of experience OR Masters Degree and 7 years experience OR PhD and 3 years experience
• Ability to execute in an autonomous manner, contributing to decisions based on specialized knowledge
• Willingness to be available, as needed, for major and critical security issues
• Demonstrated critical thinking, problem solving, and analytical skills; investigates, defines, and resolves critical issues
• Advanced level knowledge of the following: Operating systems (including Windows, Linux, Unix, and MacOS)
• Networking fundamentals and technologies
• Cloud computing
• Application architectures and technologies
• Penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration
• Expert-level experience in manual vulnerability identification and testing
• Significant experience in exploit identification and development
• Advanced-level experience in static code analysis, using commercial and open-source tools
• Candidate must have an advanced understanding of security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK, OWASP Top 10, SANS 25, NIST, and CVE
• Written and verbal communication skills are critical
• Adept at communicating concepts to diverse audiences with varying skill sets

Responsibilities

• Assist in the development and delivery of overall strategy for the organization’s Advanced Security Testing (red team) strategy
• Propose, design, plan, and execute advanced technical penetration testing exercises (announced and covert) to identify weaknesses in AbbVie’s environment and monitoring/response programs
• Execute, maintain, and improve the Advanced Security Testing team’s stakeholder-defined tactical red team campaign service
• Develop, implement, and maintain a comprehensive red team maturity model to identify and track key milestones in red team program maturity
• Development, maintenance, and delivery of key program metrics
• Mentoring and development of junior members of the Advanced Security Testing team
• Perform testing of web and mobile applications to determine the existence or extent of suspected vulnerabilities, in support of AbbVie’s Emerging Threat process
• Develop and deliver high-quality reporting and presentations to communicate technical findings to relevant stakeholders
• Identify and recommend strategic and tactical remediation or mitigation strategies to provide an effective approach to risk management for identified issues
• Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including AbbVie’s Cyber Security Incident Response Team (CSIRT) and junior red team staff members
• Act as a red team operator, when needed, to support the execution of purple team exercises
• Collaborate with AbbVie’s Threat Detection team to design purple team exercises and measurement
• Identify and implement enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program on a global basis

Preferred Qualifications

Certifications such as OSCP, OSCE, OSWP or ECSA are strongly preferred

Benefits

• Paid time off (vacation, holidays, sick)
• Medical/dental/vision insurance
• 401(k)
• Short-term incentive programs
• Long-term incentive programs