Senior DevSecOps Engineer

Summary

Join AbbVie's Information Security team as a Senior DevSecOps Engineer. You will leverage your expertise in application security, security engineering, and software development to support and enhance inline code testing and reporting processes. This role involves implementing and administering application security tooling, integrating it into CI/CD pipelines, and providing support to development teams. The position is virtual and can be located anywhere in the U.S. You will be responsible for implementing and maintaining application security testing tools, acting as first-line support for users, integrating security tooling with CI/CD pipelines, and developing detailed reports. This role requires a Bachelor's degree and 7 years of experience (or equivalent) and strong knowledge of application security principles and secure coding practices.

Requirements

• Bachelor’s Degree and 7 years’ experience OR Master’s Degree and 6 years’ experience OR PhD and 2 years’ experience
• 4+ years of experience in application security and software development
• 2+ years of experience implementing, administering, and supporting application security tooling such as SAST/DAST/IAST/SCA
• Strong knowledge of secure coding practices across multiple programming languages (esp. Java, Node.js)
• Experience integrating security testing into CICD pipelines via solutions such as GitHub Actions and Azure DevOps
• Strong knowledge of application security principles along with common vulnerabilities (e.g., OWASP Top 10, CWE, etc.) and associated mitigations
• Experience supporting developers with assessing and mitigating application security test findings
• Experience implementing DevSecOps workflows in cloud environments such as AWS and Azure
• Experience developing Infrastructure As Code (IAC) via solutions such as TerraForm and/or CloudFormation
• Ability to effectively communicate technical findings to both technical and non-technical stakeholders

Responsibilities

• Implementing and maintaining Application Security Testing (AST) tools (SAST, DAST, IAST, SCA, etc.) to identify code and dependency vulnerabilities during the software development lifecycle
• Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize and deduplicate findings from multiple solutions and integrate into software development processes
• Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests
• Integrating security tooling with Continuous Integration/Continuous Deployment (CICD) pipelines
• Developing detailed reports on security findings and remediation efforts
• Demonstrate high proficiency across a wide range of technologies and platforms related to application security, software design and development, containerization, and cloud environments

Preferred Qualifications

• Experience implementing tooling to consolidate application security test findings from multiple sources to facilitate developer engagement and integrate with development workflows and tracking systems
• Experience administering Snyk and Endor Labs
• Experience integrating Cloud Security Posture Management (CSPM) tooling with application security pipelines
• Experience with Kubernetes security and best practices
• Experience automating workflows via programming languages such as Python
• Experience collaborating with vulnerability and risk management partners to interface with risk management and acceptance processes
• Experience developing and/or deploying training for software engineers around DevSecOps tooling, secure development standards, and application security fundamentals
• Experience developing DevSecOps policies and standards

Benefits

• Paid time off (vacation, holidays, sick)
• Medical/dental/vision insurance
• 401(k)
• Short-term incentive programs
• Long-term incentive programs