Senior DevSecOps Engineer - Platform and Tooling (Remote)
Role details
Job location
Tech stack
Job description
Become a key player in our Information Security team as a SeniorDevSecOpsEngineer, where you willleverageyourexpertisein application securityandsecurity engineering to support and enhance our codescanningandfinding managementprocesses. This role involves the implementation and administration of application security tooling, integrationof scanninginto CI/CD pipelines, and building or implementing automated finding management technologies tofacilitatedeveloper remediation activities., * Implementing andmaintainingApplication Security Testing (AST) tools(SAST,DAST,IAST,SCA, etc.)toidentifyvulnerabilitiesand configuration issuesduring the software development lifecycle.
Requirements
-
BachelorsDegree and 7years experienceORMastersDegree and 6years experienceOR PhD and2 years experience
-
4+ years of experience insecurity engineering and/orDevSecOpswith a focus on security process automation
-
2+ years of experience implementing, administering, and supporting application security tooling such as SAST/DAST/IAST/SCA
-
Demonstrated experience designing, building, andoptimizingCI/CD pipelines(such as GitHub Actions and Azure DevOps)for large-scale enterprise environments, including integrating security testing solutions,for both on-premises and cloud environments to ensure secure, efficient, and compliant software delivery throughout the development lifecycle
-
Ability to effectively communicateanddocumenttechnical findings to both technical and non-technical stakeholders
-
Experience automating workflows via programming languages such as Python
Preferred:
-
Experienceimplementingcustomor commercialsolutions(such as Application Security Posture Management (ASPM) tooling)toautomateDevSecOpsprocesses,manage scan findings,andintegrate withdeveloperworkflows
-
Experienceimplementing andmaintainingcontainer security in enterprise environments,utilizingindustry-leading tools and practices for vulnerability management, image scanning, access control, and runtime protection to safeguard applications throughout the container lifecycle.
-
Experience administeringSnykin large enterprise environments
-
Experienceintegrating securitytooling and processeswithJfrogArtifactoryorotherartifact repositories
-
Proven experience managing, storing, and distributing build artifacts at scale in enterprise environments, implementing best practices for artifact versioning, security, and traceability to support robust, efficient, and compliant software delivery pipelines
Benefits & conditions
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state orlocal law:
- The compensation range described below is the range of possible base pay compensation that the Companybelieves ingood faith it will pay for this role at the timeof this posting based on the job grade for this position.Individualcompensation paid within this range will depend on many factors including geographic location, andwemay ultimatelypay more or less than the posted range. This range may be modified in thefuture.
- We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick),medical/dental/visioninsurance and 401(k) to eligibleemployees.
- This job is eligible to participate in our short-term incentiveprograms.
Note: No amount of payis considered to bewages or compensation until such amount is earned, vested, anddeterminable.The amount and availability of any bonus,commission, incentive, benefits, or any other form ofcompensation and benefitsthat are allocable to a particular employee remains in the Company's sole andabsolutediscretion unless and until paid andmay be modified at the Companys sole and absolute discretion, consistent withapplicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
