Application & Platform Security Architect

🔥 6 minutes ago

🌽 Illinois – Remote

🌽 Illinois – Remote

💵 $141.5k - $268.5k / year

⏰ Full Time

🟠 Senior

🔴 Lead

🔙 Backend Engineer

🦅 H1B Visa Sponsor

This company has sponsored H1B visas in the past.

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

AbbVie

WebsiteLinkedInAll Job Openings

10,000+ employees

Founded 2013

💊 Pharmaceuticals

🧬 Biotechnology

⚕️ Healthcare Insurance

Pharmaceuticals • Biotechnology • Healthcare Insurance

AbbVie is a global pharmaceutical company that discovers and delivers innovative medicines and solutions to enhance lives. With a focus on addressing the world's toughest health challenges, AbbVie operates in over 175 countries, providing a wide range of products across areas like immunology, oncology, neuroscience, and aesthetics. Committed to scientific innovation, AbbVie invests heavily in research and development, aiming to produce first-in-class medicines. The company also emphasizes workplace diversity, sustainability, and patient support initiatives, ensuring positive impact for both its patients and the broader community.

📋 Description

• Define reusable security architecture patterns and guardrails to enable consistent, secure implementation across high-risk business applications • Drive secure-by-design initiatives by integrating security considerations early in the software architecture lifecycle and influencing enterprise architecture direction • Represent security architecture in design authority boards and technical review councils, advocating for risk-based security controls • Work with in-business IT customers, including application architects and engineers to evaluate application software and infrastructure designs, for the purpose of defining/designing application controls aligned with enterprise standards • Define application-specific security control architectures and produce design artifacts to guide secure implementation of business-critical systems • Develop re-usable implementation guidance and design patterns based on previous engagements to scale the service • Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure and applications • Act as a security architecture liaison to IT delivery and engineering teams, embedding security principles into technical delivery and architecture review forums • Support security aspects of business & IT initiatives by assisting in architecture, design, implementation, deployment, and operational transition of innovative & secure technology solutions • Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies • Establish collaborative working relations with the Information Technology functions to ensure that solutions align with security architecture and business strategy • Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned • Complete remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed • Research and assess new information security threats and recommend remedial actions • Foster an information security culture through education, skill development, and implementation of effective information security processes and practices • Understand and adhere to corporate standards regarding applicable Corporate and Divisional Policies, including code of conduct, safety, GxP compliance, data security, and the software development lifecycle • Design the security architecture for applications, ensuring all components meet best practices and regulatory compliance • Work closely with software development, DevOps, and operations teams to integrate security into the software development lifecycle (SDLC) • Lead efforts in identifying potential threats through application threat modeling and propose design changes to mitigate risks

🎯 Requirements

• Bachelor’s degree and 9 years of experience OR Master’s Degree and 8 years of experience OR PhD and 4 years of experience in information security and/or related functions • Must have demonstrated exceptional ability to assess and communicate information security concepts and practices, with both business and IT stakeholders • Requires in-depth knowledge of the systems development life cycle, client area’s functions and systems, and systems applications programs development technological alternatives • Proven implementation of creative technology solutions that advance the business • Strong understanding of application security principles, including OWASP Top 10, SANS/CWE Top 25, and secure coding practices • Expertise in secure session management, token handling, and authentication mechanisms (OAuth, SAML, OpenID Connect) • Knowledge of cryptographic practices, encryption protocols, and PKI management • Experience with containerization (Docker, Kubernetes) and cloud platforms (AWS, Azure, GCP) • Familiarity with tools for code analysis (e.g., SonarQube, Veracode) and vulnerability scanning (e.g., Burp Suite, Nessus) • Understanding of DevSecOps practices, including securing CI/CD pipelines • Self-starter with the ability to work independently and manage multiple projects simultaneously • Strong problem-solving and analytical skills with the ability to identify security risks and propose effective solutions • Ability to work collaboratively in cross-functional teams and influence technical teams towards secure implementations • Understanding of cloud computing principles, including virtualization, containerization, microservices, and serverless computing; Risk Management, container security, Kubernetes security, IAM security, network security, auditing, encryption, secrets management and data protection, securing CI/CD • Advanced knowledge of Identity Security concepts, least-privilege, separation of duties, and Zero trust design principles • Understanding of federation technologies (WS-Fed, OAuth, OpenID connect, SAML …) and of encryption technologies (encryption types and protocols/standards) • Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project

🏖️ Benefits

• Comprehensive package of benefits including paid time off (vacation, holidays, sick) • Medical/dental/vision insurance • 401(k) to eligible employees • Participation in long-term incentive programs