Become a key player in AbbVie's Information Security team as a Senior DevSecOps Engineer.
Leverage expertise in application security, security engineering, and software development to support and enhance inline code testing and reporting processes.
Implement and administer application security tooling, integrating it into CI/CD pipelines.
Provide support for development teams using these products and consuming their findings.
This position can be virtual anywhere in the U.S.
Responsibilities include implementing and maintaining Application Security Testing (AST) tools to identify code and dependency vulnerabilities during the software development lifecycle.
Implement and maintain Application Security Posture Management (ASPM) tools to centralize and deduplicate findings from multiple solutions and integrate into software development processes.
Act as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests.
Integrate security tooling with Continuous Integration/Continuous Deployment (CI/CD) pipelines.
Develop detailed reports on security findings and remediation efforts.
Demonstrate high proficiency across a wide range of technologies and platforms related to application security, software design and development, containerization, and cloud environments.
Requirements:
A Bachelor’s Degree and 7 years’ experience OR a Master’s Degree and 6 years’ experience OR a PhD and 2 years’ experience is required.
A minimum of 4 years of experience in application security and software development is required.
At least 2 years of experience implementing, administering, and supporting application security tooling such as SAST/DAST/IAST/SCA is required.
Strong knowledge of secure coding practices across multiple programming languages, especially Java and Node.js, is required.
Experience integrating security testing into CI/CD pipelines via solutions such as GitHub Actions and Azure DevOps is required.
Strong knowledge of application security principles along with common vulnerabilities (e.g., OWASP Top 10, CWE) and associated mitigations is required.
Experience supporting developers with assessing and mitigating application security test findings is required.
Experience implementing DevSecOps workflows in cloud environments such as AWS and Azure is required.
Experience developing Infrastructure as Code (IaC) via solutions such as Terraform and/or CloudFormation is required.
Ability to effectively communicate technical findings to both technical and non-technical stakeholders is required.
Preferred qualifications include experience implementing tooling to consolidate application security test findings from multiple sources, administering Snyk and Endor Labs, integrating Cloud Security Posture Management (CSPM) tooling, and experience with Kubernetes security and best practices.
Benefits:
AbbVie offers a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance, and 401(k) to eligible employees.
This job is eligible to participate in short-term incentive programs.
This job is also eligible to participate in long-term incentive programs.
The compensation range for this role is $106,500 - $202,500, depending on various factors including geographic location.