hero

Find Your Dream Job Today

Our mission is to help high-achieving LGBTQ+ undergraduates reach their full potential.

Senior Penetration Tester - Red Team

AbbVie

AbbVie

Mettawa, IL, USA
Posted on Thursday, July 4, 2024

Company Description

AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on Twitter, Facebook, Instagram, YouTube and LinkedIn.

Job Description

Come to work each day with an inclusive and collaborative business technology team. As a Senior Penetration Tester - Red Team in AbbVie Business Technology Solutions (BTS), you’ll have opportunities to contribute to the digital transformation of a leading biopharma company, helping to create solutions that impact patients and their communities for the better.

This position can be remote anywhere in the U.S.

AbbVIe Information Security is looking for a highly motivated, experienced, and skilled specialist to join the Attack Surface Management (ASM) team. AbbVie’s Advanced Security Testing team protects AbbVie’s patients, data, and brand by identifying vulnerabilities and threats to our organization through the use of simulated cyber security attacks. Advanced Security Testing is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us as Senior Penetration Tester - Red Team to support and improve our efforts to identify and reduce AbbVie’s attack surface and help our business continue to have remarkable impacts on people’s lives.

This is a key member of the Advanced Security Testing team, and will lead efforts in planning, developing, and executing adversarial exercises against our networks, systems, applications, and users. The Senior Tester will work with internal and external groups to lead communications around risks identified throughout AbbVie’s environment. This role will make a difference by working with AbbVie’s defenders to secure our organization against current and emerging threats.

The ideal candidate will have advanced experience performing penetration tests against systems, applications, and networks, and working with stakeholders to communicate the impact of identified vulnerabilities and recommending remediation plans.

Responsibilities

  • Provide leadership on the latest critical information security vulnerabilities, threats, and exploits, as they apply within the AbbVie environment
  • Develop and implement red team methodology to assess risk within AbbVie’s networks, systems, applications, and users
  • Perform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in AbbVie’s environment and monitoring/response programs
  • Develop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managers
  • Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including AbbVie’s Cyber Security Incident Response Team (CSIRT) and junior red team staff members
  • Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program on a global basis

Perform web and mobile application security assessments, as needed and as directed by senior Attack Surface Management team members, including tasks such as:

  • Performing security assessments for AbbVie applications across the enterprise
  • Static & dynamic application security testing and/or penetration testing of applications
  • Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
  • Training customer staff on application security concepts, remediation of code defects, and secure software development best practices

Qualifications

Qualifications:

  • Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience with direct enterprise-level red team and/or penetration testing experience
  • Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open source tools
  • Candidate must have an understanding of security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK
  • Written and verbal communication skills are critical
  • Adept at communicating concepts to diverse audiences with varying skill sets
  • Certifications such as OSCP, OSCE, OSWP or ECSA are strongly preferred

Strong knowledge of the following:

  • Operating systems (including Windows, Linux, Unix, and MacOS)
  • Networking fundamentals and technologies
  • Cloud computing
  • Application architectures and technologies
  • Penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration

Why Business Technology Solutions
For anyone who wants to use technology and data to make a difference in people’s lives, shape the digital transformation of a leading biopharmaceutical company, and secure sustainable career growth within a diverse, global team: we’re ready for you

Additional Information

Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law: ​

  • The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.​

  • We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.​

  • This job is eligible to participate in our short-term incentive programs. ​

  • This job is eligible to participate in our long-term incentive programs​

Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law. ​

AbbVie is committed to operating with integrity, driving innovation, transforming lives, serving our community and embracing diversity and inclusion. It is AbbVie’s policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, status as a protected veteran, or any other legally protected group status.