Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 113,000 colleagues serve people in more than 160 countries.
Application Security Engineer
Kansas City, MO; Richmond, VA; Lake Forest, IL
Diagnostic testing is a compass, providing information that helps in the prevention, diagnosis and treatment of a range of health conditions.
Abbott's life-changing tests and diagnostic tools give you accurate, timely information to better manage your health. We're empowering smarter medical and economic decision making to help transform the way people manage their health at all stages of life. Every day, more than 10 million tests are run on Abbott's diagnostics instruments, providing lab results for millions of people.
Our locations in Kansas City, MO, Richmond, VA, and Lake Forest, IL currently have an opportunity for an Application Security Engineer within our Toxicology business unit. The Application Security Engineer is the go-to subject matter expert for Application Security (AppSec) for all in-house applications. The AppSec Engineer supports the agile development teams and liaises with the database team, networking team, DevOps team, and other information technology support teams to provide controls and solutions to security issues. They help define security standards, controls and architecture in conjunction with business and IT goals. Collaboration with corporate controls, processes, tools, and audits is required. They communicate openly and often with teams, leadership, and clients. This role sits in our Rapid Diagnostics Division and Toxicology Business Unit.
WHAT YOU'LL DO
Learn and understand the threat landscape and the specific attack surfaces presented by eScreen applications.
Prioritize applications and identified vulnerabilities for analysis and remediation work
Maintain effective processes and procedures for Static and Dynamic Application Vulnerability scans (SAST and DAST), intrusion detection, vulnerability scans, penetration testing, Web Application Firewall alerts, Software Bill of Materials (SBOM) and other assessments. Assess outcomes of these and other security processes for prioritization and remediation.
Remediate vulnerabilities across a broad and diverse code base.
Provide application security expertise in a consultative fashion to development teams, product owners, and other areas of the company.
Architect and design secure solutions for authentication, access controls, and other security critical functions within the eScreen software suite.
Conduct security reviews of source code, technical designs, and policies. Advocate for secure practices and policies in development processes, source code, and technical design.
Able to support multiple business priorities and deadlines
Collaborate effectively with individuals and teams across the entire Software Development Life Cycle (SDLC).
Mentor team members on security best practices, design and architecture. Conduct periodic formal training in security topics for software teams.
Maintain currency in secure development methodologies and best practices
Minimal travel may be required for this position
Responsible for all areas of Application Security including source code, practices, secure technical design and policies relating to secure software development.
Supports other software teams such as business analysts and quality assurance teams
Provides training for entry-level programmers and evaluates/recommends changes in procedures
Mentors team members in software development best practices
As directed, may assume technical lead role on projects and may provide technical direction to a small group of application programmers
EDUCATION AND EXPERIENCE YOU'LL BRING
Bachelor's degree in Computer Science, Computer Engineering, Information Security/Cyber Security or Engineering related degree, or equivalent work experience
Background in enterprise web application programming
Two plus (2+) years of practical experience specifically in Application Security (AppSec)
Experience with Static Application Security Testing (SAST) tools (such as Checkmarx)
Experience with Dynamic Application Security Testing (DAST) tools (such as Netsparker or Rapid7)
Experience with Web Application Firewall(s) (WAF)
.NET (C#), extensive, proven work with ASP.NET and MVC required
Demonstrated ability to set and meet tight deadlines and function well under pressure
Ability to work in a dynamic and fast paced environment
Strong problem-solving skills
Working knowledge of Windows operating systems and Microsoft Office applications including Outlook, Word, Excel, Visio, PowerPoint, etc.
Subject matter expert in Application Security
Deep understanding of security issues such as SQLi, XSS, XSRF, and business logic flaws. Experience identifying, preventing, and remediating these issues.
Knowledge of security standards, principles, techniques and technologies (OWASP, ISO27001, NIST etc.)
Knowledge of browser security controls, web application security frameworks, and authentication infrastructures (SAML, OAuth).
Four plus (4+) years of software development in a team environment
Four plus (4+) years enterprise software development with Microsoft stack
MCSD or other Microsoft certifications (preferred)
Agile/Scrum certification (preferred)
Industry recognized InfoSec or AppSec certifications such as CISSP or SANS certification (preferred)
WHAT WE OFFER
At Abbott, you can have a good job that can grow into a great career. We offer:
Training and career development, with onboarding programs for new employees and tuition assistance
Financial security through competitive compensation, incentives and retirement plans
Health care and well-being programs including medical, dental, vision, wellness and occupational health programs
Paid time off
401(k) retirement savings with a generous company match
The stability of a company with a record of strong financial performance and history of being actively involved in local communities
Follow your career aspirations to Abbott for diverse opportunities with a company that provides the growth and strength to build your future. Abbott is an Equal Opportunity Employer, committed to employee diversity.