Senior Application Security Penetration Tester

AbbVie

📍 Remote - United States

Summary

Join AbbVie's Information Security team as a Senior Security Specialist, Application Security! This role is crucial in protecting AbbVie's patients, data, and brand by identifying and mitigating security risks across all application environments. Based virtually anywhere in the U.S., you will lead manual web and mobile application security penetration tests, collaborate with stakeholders, and drive remediation efforts. You will also provide guidance on emerging threats, perform application security reviews throughout the development lifecycle, and participate in AbbVie's bug bounty program. This position requires advanced knowledge of web application vulnerabilities and application architectures, along with hands-on experience with various security testing tools. AbbVie offers a comprehensive benefits package.

Requirements

  • Bachelor's Degree and 6 years' experience OR Master's Degree and 5 years' experience OR PhD and 0 years' experience
  • Advanced knowledge of web application vulnerabilities and web application business logic flaws and threats
  • Advanced understanding of application architectures and technologies, including web applications, mobile technology, data encryption, and identity and access management
  • Advanced, hands-on experience with manual vulnerability testing and static code analysis
  • Advanced experience with tools including, but not limited to, the Kali Linux platform and its built-in tools
  • Advanced experience performing manual testing with Burp Suite, OWASP ZAP, or similar tools
  • Advanced understanding of security controls such as Authentication, Authorization, Access Control, Cryptography, and Network Protocols along with security standards: OWASP Top 10, SANS 25, NIST, and CVE
  • Written and verbal communication skills are critical
  • Communicating concepts to diverse audiences with varying skill sets

Responsibilities

  • Maintaining awareness of the latest critical information security vulnerabilities, threats, and exploits
  • Supporting the enterprise-wide initiative to secure AbbVie's most critical assets by performing thorough assessments of web and mobile applications and working with key stakeholders to drive remediation of identified risks
  • Providing guidance on existing and emerging threats in the web and mobile application space, as they apply within the AbbVie environment
  • Performing application security reviews throughout the application development lifecycle, including tasks such as performing security assessments for AbbVie web and mobile applications across the enterprise
  • Dynamic (DAST) application security testing and/or penetration testing of applications and source code
  • Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
  • Retesting remediation of identified vulnerabilities to confirm the efficacy of fixes
  • Reviewing deliverables from third-party service providers and other Application Security Analysts to ensure completeness and accuracy
  • Communicating technical application security concepts to customers, including developers, architects, and managers
  • Participating in the management of AbbVie's bug bounty program, working to validate and triage reported vulnerabilities and working with application owners to ensure valid findings are remediated
  • Training customer staff on application security and remediation of application security code defects
  • Identifying and developing secure software development best practices
  • Identifying enhancements to tools, standards and processes; providing input into policies and procedures; and contributing to the implementation and refinement of the strategy for the Application Risk program on a global basis

Preferred Qualifications

Certifications such as OSCP, OSWE or ECSA are a plus

Benefits

  • Paid time off (vacation, holidays, sick)
  • Medical/dental/vision insurance
  • 401(k)
