Application & Platform Security Architect

AbbVie
June 26, 2026
Remote friendly (Waco, TX)
United States
$141,500 - $268,500 USD yearly
IT
Responsibilities:
- Define reusable security architecture patterns and guardrails for high-risk applications.
- Drive secure-by-design initiatives early in the software architecture lifecycle.
- Advocate for risk-based security controls in design authority boards and technical review councils.
- Partner with IT customers to evaluate designs and define application controls aligned to enterprise standards.
- Produce application-specific security control architectures and design artifacts for business-critical systems.
- Create reusable implementation guidance and design patterns to scale.
- Develop strategies/plans with security leadership to enforce security requirements and address risks.
- Serve as security architecture liaison to IT delivery/engineering; embed security into delivery and architecture reviews.
- Support business & IT initiatives across architecture, design, implementation, deployment, and operational transition.
- Research, evaluate, design, test, and recommend new/updated security technologies.
- Advise on application development/acquisition to ensure security requirements and planned controls are implemented; drive remediation.
- Research and assess threats; recommend remedial actions.
- Foster security culture via education and effective security processes.
- Design application security architecture meeting best practices and regulatory compliance.
- Integrate security into SDLC with DevOps/operations; lead application threat modeling and propose mitigations.

Qualifications:
Required:
- Bachelor’s + 9 yrs OR Master’s + 8 yrs OR PhD + 4 yrs in information security/security architecture, IT audit, or risk management.
- Strong ability to assess/communicate with business and IT stakeholders.
- Deep knowledge of SDLC and secure application development; OWASP Top 10, SANS/CWE Top 25, secure coding.
- Expertise in session management, token handling, and auth (OAuth, SAML, OpenID Connect).
- Knowledge of cryptography/encryption/PKI.
- Experience with Docker/Kubernetes and AWS/Azure/GCP.
- Familiarity with SonarQube/Veracode and Burp Suite/Nessus.
- DevSecOps and securing CI/CD pipelines.
- Self-starter; strong problem-solving/analytical skills.
- Cross-functional influence; strong communications.
- Cloud security/risk management, container/Kubernetes security, IAM, network security, auditing, secrets management, data protection, and CI/CD security.
- Identity security (least privilege, separation of duties, Zero Trust).
- Federation (WS-Fed, OAuth, OIDC, SAML) and encryption standards.
- Experience developing and documenting security architecture/strategies (strategic/tactical/project).
- Significant SOX & HIPAA experience with ITGC via audit/remediation/validation.
- Knowledge of ISO/NIST frameworks.

Preferred:
- CISSP.
- Plus: identity management/federated identity, incident management, access control, application vulnerability testing, PKI, Windows/Unix/Linux, public cloud infrastructure/services.

Benefits:
- Paid time off (vacation, holidays, sick), medical/dental/vision insurance, and 401(k) (eligible employees).

Application instructions:
- None provided.