Hispanic Alliance for Career Enhancement
Principal Application Security Engineer (Remote)
Hispanic Alliance for Career Enhancement, Phoenix, Arizona, United States, 85003
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow.
Become a key player in our Information Security team as a Principal Application Security Engineer, where you will leverage your expertise in application security, security engineering, and software development to support and enhance our inline code testing and reporting processes.
This position can be virtual anywhere in the U.S.
Responsibilities:
Implementing and maintaining Application Security Testing (AST) tools (SAST, DAST, IAST, SCA, etc.) to identify code and dependency vulnerabilities during the software development lifecycle. Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize and deduplicate findings from multiple solutions and integrate into software development processes. Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests. Integrating security tooling with Continuous Integration/Continuous Deployment (CICD) pipelines. Developing detailed reports on security findings and remediation efforts. Demonstrate high proficiency across a wide range of technologies and platforms related to application security, software design and development, containerization, and cloud environments. Communicate security risks and evangelize secure development practices to development teams and their management. Lean/understand vulnerabilities, triage security risks at scale in disparate application development environments and business units. Qualifications:
Bachelor's Degree and 8 years' experience OR Master's Degree and 7 years' experience OR PhD and 3 years' experience 5+ years of experience in application security and software development 3+ years of experience implementing, administering, and supporting application security tooling such as SAST/DAST/IAST/SCA Extensive knowledge of secure coding practices across multiple programming languages (esp. Java, Node.js) Extensive experience integrating security testing into CICD pipelines Strong knowledge of application security principles along with common vulnerabilities (e.g., OWASP Top 10, CWE, etc.) and associated mitigations Experience implementing and scaling DevSecOps practices and tooling within large organizations Experience implementing DevSecOps workflows in cloud environments such as AWS and Azure Experience developing Infrastructure As Code (IAC) via solutions such as Terraform and/or CloudFormation Experience supporting developers with assessing and mitigating application security test findings Ability to effectively communicate technical findings to both technical and non-technical stakeholders Demonstrated ability to function as a principal engineer, generating original technical ideas and strategies. Excellent written and oral English communication skills. Experience coaching and supporting the development of junior engineers Preferred:
Experience implementing tooling to consolidate application security test findings from multiple sources to facilitate developer engagement and integrate with development workflows and tracking systems Experience administering Snyk and Endor Labs Experience integrating Cloud Security Posture Management (CSPM) tooling with application security pipelines Experience automating workflows via programming and scripting languages such as Python Experience building logging into DevSecOps pipelines to gain insights into pipeline performance Experience collaborating with vulnerability and risk management partners to interface with risk management and acceptance processes AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
#J-18808-Ljbffr
Implementing and maintaining Application Security Testing (AST) tools (SAST, DAST, IAST, SCA, etc.) to identify code and dependency vulnerabilities during the software development lifecycle. Implementing and maintaining Application Security Posture Management (ASPM) tools to centralize and deduplicate findings from multiple solutions and integrate into software development processes. Acting as the first line of support for users by helping resolve false positives, providing guidance on finding remediation, and evaluating security exception requests. Integrating security tooling with Continuous Integration/Continuous Deployment (CICD) pipelines. Developing detailed reports on security findings and remediation efforts. Demonstrate high proficiency across a wide range of technologies and platforms related to application security, software design and development, containerization, and cloud environments. Communicate security risks and evangelize secure development practices to development teams and their management. Lean/understand vulnerabilities, triage security risks at scale in disparate application development environments and business units. Qualifications:
Bachelor's Degree and 8 years' experience OR Master's Degree and 7 years' experience OR PhD and 3 years' experience 5+ years of experience in application security and software development 3+ years of experience implementing, administering, and supporting application security tooling such as SAST/DAST/IAST/SCA Extensive knowledge of secure coding practices across multiple programming languages (esp. Java, Node.js) Extensive experience integrating security testing into CICD pipelines Strong knowledge of application security principles along with common vulnerabilities (e.g., OWASP Top 10, CWE, etc.) and associated mitigations Experience implementing and scaling DevSecOps practices and tooling within large organizations Experience implementing DevSecOps workflows in cloud environments such as AWS and Azure Experience developing Infrastructure As Code (IAC) via solutions such as Terraform and/or CloudFormation Experience supporting developers with assessing and mitigating application security test findings Ability to effectively communicate technical findings to both technical and non-technical stakeholders Demonstrated ability to function as a principal engineer, generating original technical ideas and strategies. Excellent written and oral English communication skills. Experience coaching and supporting the development of junior engineers Preferred:
Experience implementing tooling to consolidate application security test findings from multiple sources to facilitate developer engagement and integrate with development workflows and tracking systems Experience administering Snyk and Endor Labs Experience integrating Cloud Security Posture Management (CSPM) tooling with application security pipelines Experience automating workflows via programming and scripting languages such as Python Experience building logging into DevSecOps pipelines to gain insights into pipeline performance Experience collaborating with vulnerability and risk management partners to interface with risk management and acceptance processes AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
#J-18808-Ljbffr