Senior Penetration Tester - Red Team (Remote)

---

Job description

Company Description
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas immunology, oncology, neuroscience, and eye care and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at . on Twitter , Facebook , Instagram , YouTube and LinkedIn .

Job Description
Come to work each day with an inclusive and collaborative business technology team. As aSenior Penetration Tester - Red Teamin AbbVie Business Technology Solutions (BTS), youll have opportunities to contribute to the digital transformation of a leading biopharma company, helping to create solutions that impact patients and their communities for the better.

This position can be remote anywhere in the U.S.

AbbVIe Information Security is looking for a highly motivated, experienced, and skilled specialist to join the Attack Surface Management (ASM) team. AbbVies Advanced Security Testing team protects AbbVies patients, data, and brand by identifying vulnerabilities and threats to our organization through the use of simulated cyber security attacks. Advanced Security Testing is a capability of ASM within the larger Cyber Security Operations (CSO) function. Join us asSenior Penetration Tester - Red Teamto support and improve our efforts to identify and reduce AbbVies attack surface and help our business continue to have remarkable impacts on peoples lives.

This is a key member of theAdvanced Security Testingteam, and will lead efforts in planning, developing, and executing adversarial exercises against our networks, systems, applications, and users. The Senior Tester will work with internal and external groups to lead communications around risks identified throughout AbbVies environment. This role will make a difference by working with AbbVies defenders to secure our organization against current and emerging threats.

The ideal candidate will have advanced experience performing penetration tests against systems, applications, and networks, and working with stakeholders to communicate the impact of identified vulnerabilities and recommending remediation plans.

Responsibilities

• Provide leadership on the latest critical information security vulnerabilities, threats, and exploits, as they apply within the AbbVie environment
• Develop and implement red team methodology to assess risk within AbbVies networks, systems, applications, and users
• Perform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in AbbVies environment and monitoring/response programs
• Assist in the management and development of command and control (C2) infrastructure
• Develop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managers
• Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including AbbVies Cyber Security Incident Response Team (CSIRT) and junior red team staff members
• Identify enhancements to tools, standards and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program on a global basis

Perform web and mobile application security assessments, as needed and as directed by senior Attack Surface Management team members, including tasks such as:

• Performing security assessments for AbbVie applications across the enterprise
• Static & dynamic application security testing and/or penetration testing of applications
• Auditing results of security assessments with development and/or security teams and offering plans for remediation of vulnerabilities
• Training customer staff on application security concepts, remediation of code defects, and secure software development best practices

Qualifications

• Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience with direct enterprise-level red team and/or penetration testing experience
• Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open source tools
• Hands-on experience with command and control (C2) best practices, infrastructure, beacon deploymentand management, with tools such as Cobalt Strike, Sliver, Mythic, etc
• Candidate must have an understanding of security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK
• Written and verbal communication skills are critical
• Adept at communicating concepts to diverse audiences with varying skill sets
• Certifications such as OSCP, OSCE, OSWP or ECSA are strongly preferred

Strong knowledge of the following:

• Operating systems (including Windows, Linux, Unix, and MacOS)
• Networking fundamentals and technologies
• Cloud computing
• Application architectures and technologies
• Penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration

Why Business Technology Solutions
For anyone who wants to use technology and data to make a difference in peoples lives, shape the digital transformation of a leading biopharmaceutical company, and secure sustainable career growth within a diverse, global team: were ready for you

Additional Information
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state orlocal law:

• The compensation range described below is the range of possible base pay compensation that the Companybelieves ingood faith it will pay for this role at the timeof this posting based on the job grade for this position.Individualcompensation paid within this range will depend on many factors including geographic location, andwemay ultimatelypay more or less than the posted range. This range may be modified in thefuture.
• We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick),medical/dental/visioninsurance and 401(k) to eligibleemployees.
• This job is eligible to participate in our short-term incentiveprograms.
• This job is eligible to participate in our long-term incentiveprograms

Note: No amount of payis considered to bewages or compensation until such amount is earned, vested, anddeterminable.The amount and availability of any bonus,commission, incentive, benefits, or any other form ofcompensation and benefitsthat are allocable to a particular employee remains in the Company's sole andabsolutediscretion unless and until paid andmay be modified at the Companys sole and absolute discretion, consistent withapplicable law.

AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives, serving our community and embracing diversity and inclusion. It is AbbVies policy to employ qualified persons of the greatest ability without discrimination against any employee or applicant for employment because of race, color, religion, national origin, age, sex (including pregnancy), physical or mental disability, medical condition, genetic information, gender identity or expression, sexual orientation, marital status, status as a protected veteran, or any other legally protected group status.

US & Puerto Rico only - to learn more, visit

US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:

<!– job description page –>