Senior Security Engineer Cybersecurity Posture, Hygiene & AI
About the role
Join a dynamic team dedicated to enhancing cybersecurity posture, hygiene, and AI enablement at AbbVie. This role is part of the Information Security Risk Management (ISRM) Architecture team, focusing on creating and implementing strategies to protect the organization's digital assets.
Responsibilities
- Provide technical leadership, mentoring, and consultation to less experienced team members to improve the overall cybersecurity posture and hygiene program
- Prioritize remediation efforts by ensuring a risk-based approach is followed when addressing discovered configuration drift
- Create scripts to leverage in-scope application APIs to extract cybersecurity hygiene and posture data to verify configuration settings
- Develop dashboards and alerts to inform key stakeholders of configuration drift and required remediation activities
- Partner with engineers and key stakeholders to document CIS baselines based on internal requirements
- Collaborate with internal cybersecurity teams to identify opportunities for incorporating systems into the cybersecurity posture and hygiene program
- Drive platform compliance to ensure on-premises and hosted assets are continuously monitored for configuration drift
- Apply a strong working understanding of artificial intelligence (AI) and machine learning concepts, including how models are trained, where they are effective, and where human validation is required, particularly in cybersecurity use cases
- Ensure AI is used appropriately and responsibly within posture and hygiene workflows, including validating AI-generated insights, preventing overreliance on automation, and confirming outputs align with established security baselines and risk tolerance
Qualifications
- Bachelor’s Degree with 6 years of experience; Master’s Degree with 5 years of experience; or PhD with 0 years of experience in information security and/or related functions (IT Audit, Risk Management, or Security Architecture)
- Strong understanding of current cybersecurity tool capabilities as they pertain to continuous monitoring for configuration drift, including tools such as Tenable, CrowdStrike, and Windows Defender
- Proficiency in using Splunk to perform data analysis and security monitoring effectively
- Expert knowledge of operating systems, networking protocols, system administration, XaaS, Service models, applications, and security technologies
- Proven ability to leverage scripting languages such as Python, Bash, and PowerShell to interface with in-scope applications using available APIs
- Expert knowledge of cybersecurity frameworks, including the CIS Critical Security Controls (CIS 18), NIST CSF, and NIST 800-53
- Excellent written and oral communication skills
- Strong problem-solving and analytical skills with the ability to identify security risks and propose effective solutions
- Professional cybersecurity and relevant industry certifications (CISSP, CEH, CompTIA Security+, CCSP, GSEC) are highly desirable
- Highly autonomous and productive, capable of performing responsibilities with minimal direction or oversight
Additional Information
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
- The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
- We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance, and 401(k) to eligible employees.
- This job is eligible to participate in our short-term incentive programs.
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company's sole and absolute discretion, consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives, and serving our community. Equal Opportunity Employer/Veterans/Disabled.