Application & Platform Security Architect

AbbVie
June 26, 2026
Remote friendly (North Chicago, IL)
United States
$141,500 - $268,500 USD yearly
IT
Responsibilities:
- Define reusable application security architecture patterns and guardrails.
- Drive secure-by-design by integrating security early in the software architecture lifecycle.
- Advocate risk-based security controls in design authority and technical review forums.
- Partner with IT application architects/engineers to evaluate designs and define aligned application controls.
- Produce application-specific security control architectures and design artifacts for business-critical systems.
- Create reusable implementation guidance and design patterns.
- Develop strategies/plans to enforce security requirements and remediate infrastructure/application risks.
- Liaise with IT delivery/engineering to embed security principles into delivery and architecture reviews.
- Support security aspects of initiatives across architecture, design, implementation, deployment, and operational transition.
- Research/evaluate/test new or updated security technologies and plan implementations.
- Advise in application development/acquisition projects to ensure security requirements/controls are implemented; drive remediation.
- Assess new threats and recommend remedial actions.
- Foster security culture via education and effective security processes.
- Adhere to corporate policies impacting code of conduct, GxP compliance, data security, and SDLC.
- Design security architecture for applications and ensure best practices/regulatory compliance.
- Integrate security into SDLC with DevOps/operations teams.
- Lead application threat modeling and propose design changes to mitigate risks.

Qualifications (Required):
- Bachelor’s (9 yrs) OR Master’s (8 yrs) OR PhD (4 yrs) in information security or related (IT Audit, Risk Management, Security Architecture).
- Strong ability to assess/communicate security concepts with business and IT stakeholders.
- In-depth SDLC knowledge and secure application development.
- Application security knowledge (OWASP Top 10, SANS/CWE Top 25) and secure coding practices.
- Secure session management, token handling, authentication (OAuth, SAML, OpenID Connect).
- Cryptography, encryption protocols, and PKI.
- Containerization and cloud platforms (Docker, Kubernetes; AWS/Azure/GCP).
- Code analysis and vulnerability scanning tools (e.g., SonarQube, Veracode; Burp Suite, Nessus).
- DevSecOps and securing CI/CD pipelines.
- Self-starter; strong problem-solving/analytics; cross-functional influence.
- Cloud security/risk management including IAM, network security, auditing, secrets/data protection.
- Identity Security (least privilege, separation of duties, Zero Trust).
- Federation and encryption technologies.
- Experience developing/documenting security architecture plans.
- Significant SOX/HIPAA experience with ITGC (audit/remediation/CSV).
- Strong security frameworks knowledge (e.g., ISO, NIST) and communications/influencing skills.

Qualifications (Preferred):
- CISSP or similar.
- Plus: identity management/federated identity services, incident management, access control, application vulnerability testing, PKI, Windows/Linux, public cloud services.

Benefits:
- Paid time off; medical/dental/vision insurance; 401(k); eligibility for long-term incentive programs.

Application instructions:
- No explicit application instructions provided.