Senior Application Security Engineer
Company: AbbVie
Location: Houston
Posted on: January 27, 2026
|
|
|
Job Description:
Company Description AbbVie's mission is to discover and deliver
innovative medicines and solutions that solve serious health issues
today and address the medical challenges of tomorrow. We strive to
have a remarkable impact on people's lives across several key
therapeutic areas immunology, oncology, neuroscience, and eye care
and products and services in our Allergan Aesthetics portfolio. For
more information about AbbVie, please visit us at www.abbvie.com .
Follow @abbvie on X , Facebook , Instagram , YouTube , LinkedIn and
Tik Tok . Job Description Become a key player in our Information
Security team as a Senior Application Security Engineer, where you
will leverage your expertise in application security, security
engineering, and software development to support and enhance our
inline code testing and reporting processes. This role involves the
implementation and administration of application security tooling,
integration into CI/CD pipelines, and providing support for
development teams using these products and consuming their
findings. Responsibilities: Implementing and maintaining
Application Security Testing (AST) tools (SAST, DAST, IAST, SCA,
etc.) to identify code and dependency vulnerabilities during the
software development lifecycle. Implementing and maintaining
Application Security Posture Management (ASPM) tools to centralize
and deduplicate findings from multiple solutions and integrate into
software development processes. Acting as the first line of support
for users by helping resolve false positives, providing guidance on
finding remediation, and evaluating security exception requests.
Integrating security tooling with Continuous Integration/Continuous
Deployment (CICD) pipelines. Developing detailed reports on
security findings and remediation efforts. Demonstrate high
proficiency across a wide range of technologies and platforms
related to application security, software design and development,
containerization, and cloud environments. Communicate security
risks and evangelize secure development practices to development
teams and their management. Lean/understand vulnerabilities, triage
security risks at scale in disparate application development
environments and business units. Qualifications Bachelors Degree
and 7 years experience OR Masters Degree and 6 years experience OR
PhD and 2 years experience 5 years of experience in application
security and software development 3 years of experience
implementing, administering, and supporting application security
tooling such as SAST/DAST/IAST/SCA Extensive knowledge of secure
coding practices across multiple programming languages (esp. Java,
Node.js) Extensive experience integrating security testing into
CICD pipelines Strong knowledge of application security principles
along with common vulnerabilities (e.g., OWASP Top 10, CWE, etc.)
and associated mitigations Experience implementing and scaling
DevSecOps practices and tooling within large organizations
Experience implementing DevSecOps workflows in cloud environments
such as AWS and Azure Experience developing Infrastructure As Code
(IAC) via solutions such as Terraform and/or CloudFormation
Experience supporting developers with assessing and mitigating
application security test findings Ability to effectively
communicate technical findings to both technical and non-technical
stakeholders Demonstrated ability to function as a principal
engineer, generating original technical ideas and strategies.
Demonstrated creative 'out of the box' thinking to solve difficult
technical problems and champion new technologies to achieve program
goals. Excellent written and oral English communication skills, as
demonstrated by presenting at leading scientific or technical
conferences. Experience coaching and supporting the development of
junior engineers Preferred: Experience implementing tooling to
consolidate application security test findings from multiple
sources to facilitate developer engagement and integrate with
development workflows and tracking systems Experience administering
Snyk and Endor Labs Experience integrating Cloud Security Posture
Management (CSPM) tooling with application security pipelines
Experience automating workflows via programming and scripting
languages such as Python Experience building logging into DevSecOps
pipelines to gain insights into pipeline performance Experience
collaborating with vulnerability and risk management partners to
interface with risk management and acceptance processes Additional
Information Applicable only to applicants applying to a position in
any location with pay disclosure requirements under state orlocal
law: The compensation range described below is the range of
possible base pay compensation that the Companybelieves ingood
faith it will pay for this role at the timeof this posting based on
the job grade for this position.Individualcompensation paid within
this range will depend on many factors including geographic
location, andwemay ultimatelypay more or less than the posted
range. This range may be modified in thefuture. We offer a
comprehensive package of benefits including paid time off
(vacation, holidays, sick),medical/dental/visioninsurance and
401(k) to eligibleemployees. This job is eligible to participate in
our short-term incentiveprograms. This job is eligible to
participate in our long-term incentiveprograms Note: No amount of
payis considered to bewages or compensation until such amount is
earned, vested, anddeterminable.The amount and availability of any
bonus,commission, incentive, benefits, or any other form
ofcompensation and benefitsthat are allocable to a particular
employee remains in the Company's sole andabsolutediscretion unless
and until paid andmay be modified at the Companys sole and absolute
discretion, consistent withapplicable law. AbbVie is an equal
opportunity employer and is committed to operating with integrity,
driving innovation, transforming lives and serving our community.
Equal Opportunity Employer/Veterans/Disabled. US & Puerto Rico only
- to learn more, visit
https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html
US & Puerto Rico applicants seeking a reasonable accommodation,
click here to learn more:
https://www.abbvie.com/join-us/reasonable-accommodations.html
Keywords: AbbVie, Baytown , Senior Application Security Engineer, IT / Software / Systems , Houston, Texas
