Senior Penetration Tester - Red Team (Remote)

AbbVie - Atlanta, GA

posted 3 months ago

Full-time - Senior
Remote - Atlanta, GA
Chemical Manufacturing

About the position

As a Senior Penetration Tester - Red Team at AbbVie, you will be an integral part of the Business Technology Solutions (BTS) team, contributing to the digital transformation of a leading biopharma company. Your role will focus on protecting AbbVie's patients, data, and brand by identifying vulnerabilities and threats through simulated cyber security attacks. This position allows for remote work from anywhere in the U.S., providing flexibility while you engage in critical security initiatives. In this role, you will lead efforts in planning, developing, and executing adversarial exercises against AbbVie's networks, systems, applications, and users. You will collaborate with both internal and external groups to communicate risks identified throughout AbbVie's environment. Your work will directly impact AbbVie's ability to secure its organization against current and emerging threats, making a significant difference in the lives of patients and their communities. The ideal candidate will possess advanced experience in penetration testing and will be adept at communicating the impact of identified vulnerabilities to stakeholders. You will be responsible for developing and implementing red team methodologies, performing advanced technical penetration testing exercises, and delivering high-quality reports that communicate technical findings to various stakeholders, including developers, architects, and managers. Additionally, you will provide leadership on exploits, techniques, and countermeasures to the Information Security team, including the Cyber Security Incident Response Team (CSIRT) and junior red team members.

Responsibilities

  • Provide leadership on the latest critical information security vulnerabilities, threats, and exploits as they apply within the AbbVie environment.
  • Develop and implement red team methodology to assess risk within AbbVie's networks, systems, applications, and users.
  • Perform advanced technical penetration testing exercises (announced and covert) to identify weaknesses in AbbVie's environment and monitoring/response programs.
  • Develop and deliver high-quality reporting to communicate technical findings to stakeholders, including developers, architects, and managers.
  • Provide leadership on exploits, techniques, and countermeasures to members of the Information Security team, including AbbVie's Cyber Security Incident Response Team (CSIRT) and junior red team staff members.
  • Identify enhancements to tools, standards, and processes; provide input into policies and procedures, and contribute to the implementation and refinement of the strategy for the Information Security program on a global basis.
  • Perform web and mobile application security assessments, as needed and as directed by senior Attack Surface Management team members, including tasks such as performing security assessments for AbbVie applications across the enterprise.
  • Conduct static & dynamic application security testing and/or penetration testing of applications.
  • Audit results of security assessments with development and/or security teams and offer plans for remediation of vulnerabilities.
  • Train customer staff on application security concepts, remediation of code defects, and secure software development best practices.

Requirements

  • Bachelor's Degree and 7 years experience OR Master's Degree and 6 years experience OR PhD and 2 years experience with direct enterprise-level red team and/or penetration testing experience.
  • Hands-on experience with manual vulnerability testing, exploit development, and static code analysis, using commercial and open source tools.
  • Understanding of security controls such as authentication, authorization, access control, cryptography, and network protocols along with security standards and frameworks including Mitre ATT&CK.
  • Strong written and verbal communication skills, adept at communicating concepts to diverse audiences with varying skill sets.
  • Certifications such as OSCP, OSCE, OSWP or ECSA are strongly preferred.
  • Strong knowledge of operating systems (including Windows, Linux, Unix, and MacOS), networking fundamentals and technologies, cloud computing, and application architectures and technologies.
  • Proficiency in penetration testing techniques and tactics, including reconnaissance, initial access, persistence, lateral movement, collection, and exfiltration.

Nice-to-haves

  • Experience with cloud security practices and tools.
  • Familiarity with regulatory compliance frameworks relevant to the biopharmaceutical industry.

Benefits

  • Flexible work arrangements including remote work options.
  • Opportunities for professional development and career growth within a diverse, global team.
  • Participation in a collaborative and inclusive work environment.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service