What AbbVie Has to Offer: Our work can—and does—have a tangible, lasting impact on millions of people. But it’s not just the results that matter. How we achieve them matters, too. Leading with purpose, we work to build a more sustainable future for generations to come. We do that by putting our expertise, resources and talent to work to make a real difference for patients, communities and our world.
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn and Tik Tok.
Become a key player in our Information Security team as a Senior DevSecOps Engineer, where you will leverage your expertise in application security and security engineering to support and enhance our code scanning and finding management processes. This role involves the implementation and administration of application security tooling, integration of scanning into CI/CD pipelines, and building or implementing automated finding management technologies to facilitate developer remediation activities.
This position can be virtually anywhere in the U.S.
Responsibilities:
Implementing and maintaining Application Security Testing (AST) tools (SAST, DAST, IAST, SCA, etc.) to identify vulnerabilities and configuration issues during the software development lifecycle.
Implementing and maintaining tools (such as Application Security Posture Management / ASPM) to centralize and deduplicate findings from multiple solutions and integrate reporting into software development workflows.
Integrating security tooling with large-scale enterprise CI/CD pipelines.
Building and managing tooling and processes to drive efficient DevSecOps operations.
Required:
Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience
4+ years of experience in security engineering and/or DevSecOps with a focus on security process automation
2+ years of experience implementing, administering, and supporting application security tooling such as SAST/DAST/IAST/SCA
Demonstrated experience designing, building, and optimizing CI/CD pipelines (such as GitHub Actions and Azure DevOps) for large-scale enterprise environments, including integrating security testing solutions, for both on-premises and cloud environments to ensure secure, efficient, and compliant software delivery throughout the development lifecycle
Ability to effectively communicate and document technical findings to both technical and non-technical stakeholders
Experience automating workflows via programming languages such as Python
Preferred:
Experience implementing custom or commercial solutions (such as Application Security Posture Management (ASPM) tooling) to automate DevSecOps processes, manage scan findings, and integrate with developer workflows
Experience implementing and maintaining container security in enterprise environments, utilizing industry-leading tools and practices for vulnerability management, image scanning, access control, and runtime protection to safeguard applications throughout the container lifecycle.
Experience administering Snyk in large enterprise environments
Experience integrating security tooling and processes with Jfrog Artifactory or other artifact repositories
Proven experience managing, storing, and distributing build artifacts at scale in enterprise environments, implementing best practices for artifact versioning, security, and traceability to support robust, efficient, and compliant software delivery pipelines
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our short-term incentive programs.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html
US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:
https://www.abbvie.com/join-us/reasonable-accommodations.html
