Senior Security Engineer (Remote)

Role Summary

Senior Security Engineer (Remote) responsible for shaping and guiding AbbVie's security strategy, architecture, and practices with a focus on cyber posture and hygiene. Contributes to the digital transformation of a leading Biopharma company and collaborates with cross-functional teams to improve security controls and monitoring. Position can be based virtually anywhere in the U.S.

Responsibilities

• Provide technical leadership, mentoring, and consultation with less experienced team members to improve overall cyber posture and hygiene program
• Prioritize remediation efforts by ensuring a risk-based approach is followed when addressing discovered configuration drift
• Develop scripts to leverage in-scope application APIs to extract cyber hygiene and posture to verify configuration settings
• Create dashboards and alerts to inform key stakeholders of configuration drift and required remediation activities
• Partner with engineers and key stakeholders to document CIS baselines based on internal requirements
• Collaborate with internal cybersecurity teams to identify opportunities for incorporating systems in the cyber posture and hygiene program
• Drive platform compliance to ensure on-prem and hosted assets are continuously monitored for configuration drift
• Provide technical leadership, mentoring, and consultation with less experienced team members to improve overall cyber posture and hygiene program
• Understand and adhere to corporate standards regarding applicable Corporate and Divisional Policies, including code of conduct, safety, GxP compliance, data security, and the software development cycle

Qualifications

• Bachelor’s Degree with 6 years’ experience; master’s degree with 5 years’ experience; PhD with 0 years’ experience in information security and/or related functions (IT Audit, Risk Management, or Security Architecture).
• Strong understanding of current cybersecurity tool capabilities as it pertains to continuous monitoring for configuration drift, including tools such as Tenable, CrowdStrike, and Windows Defender.
• Proficiency in using Splunk to effectively perform duties related to data analysis and security monitoring
• Proven ability to leverage scripting languages, such as Python, Bash, and PowerShell, to interface with in-scope applications using available APIs.
• Expert knowledge of operating systems, networking protocols, system administration, X as a service, applications, and security technologies.
• Proficient understanding of cybersecurity frameworks, including the CIS Critical Security Controls (CIS 18), NIST CSF, and NIST 800-53.
• Excellent written and oral communication skills
• Strong problem-solving and analytical skills with the ability to identify security risks and propose effective solutions
• Professional cybersecurity and relevant industry certifications (CISSP, CEH, CompTIA Security+, CCSP, GSEC) are highly desirable
• Highly autonomous and productive in performing activities, requiring only minimal direction from or interaction with manager

Skills

• Cybersecurity leadership and mentoring
• Configuration drift monitoring and remediation
• Scripting and API utilization
• Security analytics and dashboards
• Risk-based decision making
• Policy and compliance understanding (GxP, data security)
• Communication and collaboration across teams

Education

• As listed in Qualifications (Bachelor’s/Master’s/PhD in information security or related fields)