Director - Application Security (Remote)

North Chicago, IL, United States

Company Description

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn and TikTok.

Job Description

Provide strategic direction and leadership for the enterprise application security program, partnering with development teams across the organization to embed security throughout the software development lifecycle and lead the march to shift security further left within AbbVie. Drive maturation of existing application security capabilities while building and scaling new functions including product security, DevSecOps, API security, software supply chain security, and developer training. Lead multiple security teams to deliver a comprehensive application security program that enables secure, rapid development through automation, developer enablement, and security integration.

This position can be remote anywhere in the U.S.

Key Responsibilities:

  • Accountability and ownership of the Application Security program, including strategy, execution, and ongoing operations.
  • Build and maintain relationships with business and business-focused IT partners to gain support for, and drive the success of, application security programs and processes.
  • Build, develop, and execute on scalable and secure practices for the AbbVie App Sec program
  • Oversee application security capabilities, following a “shift left” methodology to best integrate security throughout all phases of the SDLC
  • Influence roadmaps and decisions of partner teams to promote application security
  • Develop an application security framework, encompassing all aspects of application security, including vulnerability management, threat modeling, data protection, security logging/monitoring, secrets management, software supply chain security, DevSecOps integration, secure code training, security review & testing, and compliance.
  • Lead and develop multiple application security teams focusing on:
    • Development standards & SDLC integration
    • DevSecOps Program
    • Application Security / DevSecOps operations & engineering
    • Product security
    • Software supply chain and secrets management
    • API & container security
  • Build and scale developer-focused security programs including:
    • Developer certification and training programs
    • Secure code bootcamps
    • AppSec champions programs
    • Self-service security tooling
  • Design and implement custom security tooling to ensure development teams have the best possible customer experience when interacting with Application Security.

Qualifications

  • Bachelor’s Degree and 10 years of experience OR Master’s Degree and 9 years of experience OR PhD and 5 years of experience
  • Understanding of software development, programming languages, the software development life cycle, and common security coding vulnerabilities (e.g., OWASP Top 10).
  • 10+ years of information security experience, including:
    • Minimum 5 years hands-on software development
    • Minimum 5 years leading application security or security architecture programs
    • Experience maintaining and implementing SDLC at the enterprise level
    • Experience developing enterprise level security policies and standards with focus on application security
    • Experience partnering with the business supporting IT teams to design and implement security applications
    • Direct experience building developer security training programs
    • Direct experience working with business partners to secure business products that are used by large customer bases (e.g. used by millions of customers).
  • Demonstrated experience leading teams within information technology
  • Experience implementing and maintaining:
    • API security controls and gateways
    • Container security platforms
    • Secrets management solutions
    • Software composition analysis (SCA) tools
    • Security automation in CI/CD pipelines
    • Developer self-service security tools
    • Supply chain security controls
  • Proven experience in managing 3rd party risks from both a strategic and operations perspective.
  • Proven track record implementing:
    • Direct experience with code review, web application security assessments, and security architecture
    • Experience integrating security into Agile/DevOps practices
    • Strong interpersonal skills, ability to successfully adapt to changing requirements.
    • Proven ability to lead and develop an organization specifically through change and transformation.
    • Must be comfortable with ambiguity; strong writing and verbal communication skills, problem solving and creative thinking skills, and ability to work effectively with conceptual structures, outlines and models.
    • Ability to interact with and influence at all levels of management across divisions and functions.

Additional Information

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:

  • The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.

  • We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.

  • This job is eligible to participate in our short-term incentive programs.

  • This job is eligible to participate in our long-term incentive programs.

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives, serving our community and embracing diversity and inclusion.  It is AbbVie’s policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, status as a protected veteran, or any other legally protected group status.

US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html 

US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:

https://www.abbvie.com/join-us/reasonable-accommodations.html


Tags: Agile APIs Application security Automation CI/CD Compliance DevOps DevSecOps Monitoring OWASP PhD Product security SDLC Security assessment Strategy Vulnerabilities Vulnerability management

Perks/benefits: Health care Insurance Salary bonus

Regions: Remote/Anywhere North America
Country: United States
