Senior Detection Engineer - Threat Detection & Monitoring
Company Description
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn and Tik Tok.
Job Description
The Senior Detection Engineer role will be responsible for the execution of the newly created, Business Application Security Monitoring (BASM) service. This is a technical role focused on extending AbbVie’s Threat Detection and Monitoring (TDM) services to include business web applications. This role will serve as a technical subject matter expert on attacker tactics and techniques targeting web applications. This role will also coach junior team members, engage in advanced data analysis, work closely with the Incident Response teams (customer) and application owners.
This position can be located anywhere in the U.S.
This role involves creating threat detection content by collaborating with application owners to gain a better understanding of the application's design and implementation details. The detection rules will be implemented using application telemetry and logs available in the SIEM.
Responsibilities
Onboarding new business application for security monitoring by following the application on-boarding process.
Ensuring application logs meet the minimum logging requirements to enable standard monitoring use-cases.
Collaborating with application SMEs to gain deeper understanding of application design and implementation, including identification of specific areas of security concern.
Performing data exploration and advanced data analysis to implement application-specific custom monitoring use-cases.
Executing the detection content lifecycle, including developing, analyzing, documenting, and maintaining detection content by following the TDM processes.
Fostering a collaborative relationship with business application SMEs during and following the application security monitoring enrollment.
Supporting and encouraging application teams to adopt enterprise SIEM to perform operational monitoring of their critical apps.
Lending technical expertise and helping coordinate defensive toolset engineering, including content creation, tuning, expansion of defensive platforms, and implementation of new controls.
Maintaining a solid command of various web application architectures and hosting platforms, including SaaS, IaaS, on-prem, dynamic and no-code/low-code workloads.
Collaborating with specialists and analysts to actively contribute to risk reduction efforts, including but not limited to assessments and in-depth research and analysis of threats.
Providing recommendations and influencing decisions made by leadership for improving program maturity.
Qualifications
Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience of specialized information security experience
Expertise in performing data analysis using a modern SIEM, including ability to interpret log data to infer application activity, user actions, and anomalies.
Ability to successfully interact with non-technical in-business contacts.
Strong business acumen and an ability to assess, understand, and articulate technical impact and risk to a diverse audience.
Deep knowledge of cloud hosting solutions and its use in web application development.
Strong knowledge of web application architectures, various hosting platforms, major operating systems, typical web application network protocols, systems administration, and web application security technologies.
In depth knowledge of key web application related concepts such as SAML, SSO, OAuth, MFA, SSL/TLS, etc.
Strong knowledge and application of cyber security terminology and concepts, and general understanding of the cyber threat landscape and attack vectors
Thorough understanding of the MITRE ATT&CK framework and its practical applications.
Willingness to be available, as needed, for critical and major security issues.
Ability to author technical documentation and perform quality assurance reviews of documents created by peers.
Demonstrate critical thinking, problem-solving, and analytical skills; investigates, defines, and resolves critical issues.
Regularly collaborate with peers as well as business and IT stakeholders in support of daily activities.
Strong organization skills with attention to details.
Strong written and verbal communication skills with a high level of professionalism.
Ability to work independently and effectively as part of a team. Ability to execute with limited guidance and contribute to decisions based on specialized knowledge.
Additional Information
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our short-term incentive programs.
This job is eligible to participate in our long-term incentive programs
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html
US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:
https://www.abbvie.com/join-us/reasonable-accommodations.html
About the job
Apply for this position
Senior Detection Engineer - Threat Detection & Monitoring
Company Description
AbbVie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about AbbVie, please visit us at www.abbvie.com. Follow @abbvie on X, Facebook, Instagram, YouTube, LinkedIn and Tik Tok.
Job Description
The Senior Detection Engineer role will be responsible for the execution of the newly created, Business Application Security Monitoring (BASM) service. This is a technical role focused on extending AbbVie’s Threat Detection and Monitoring (TDM) services to include business web applications. This role will serve as a technical subject matter expert on attacker tactics and techniques targeting web applications. This role will also coach junior team members, engage in advanced data analysis, work closely with the Incident Response teams (customer) and application owners.
This position can be located anywhere in the U.S.
This role involves creating threat detection content by collaborating with application owners to gain a better understanding of the application's design and implementation details. The detection rules will be implemented using application telemetry and logs available in the SIEM.
Responsibilities
Onboarding new business application for security monitoring by following the application on-boarding process.
Ensuring application logs meet the minimum logging requirements to enable standard monitoring use-cases.
Collaborating with application SMEs to gain deeper understanding of application design and implementation, including identification of specific areas of security concern.
Performing data exploration and advanced data analysis to implement application-specific custom monitoring use-cases.
Executing the detection content lifecycle, including developing, analyzing, documenting, and maintaining detection content by following the TDM processes.
Fostering a collaborative relationship with business application SMEs during and following the application security monitoring enrollment.
Supporting and encouraging application teams to adopt enterprise SIEM to perform operational monitoring of their critical apps.
Lending technical expertise and helping coordinate defensive toolset engineering, including content creation, tuning, expansion of defensive platforms, and implementation of new controls.
Maintaining a solid command of various web application architectures and hosting platforms, including SaaS, IaaS, on-prem, dynamic and no-code/low-code workloads.
Collaborating with specialists and analysts to actively contribute to risk reduction efforts, including but not limited to assessments and in-depth research and analysis of threats.
Providing recommendations and influencing decisions made by leadership for improving program maturity.
Qualifications
Bachelors Degree and 7 years experience OR Masters Degree and 6 years experience OR PhD and 2 years experience of specialized information security experience
Expertise in performing data analysis using a modern SIEM, including ability to interpret log data to infer application activity, user actions, and anomalies.
Ability to successfully interact with non-technical in-business contacts.
Strong business acumen and an ability to assess, understand, and articulate technical impact and risk to a diverse audience.
Deep knowledge of cloud hosting solutions and its use in web application development.
Strong knowledge of web application architectures, various hosting platforms, major operating systems, typical web application network protocols, systems administration, and web application security technologies.
In depth knowledge of key web application related concepts such as SAML, SSO, OAuth, MFA, SSL/TLS, etc.
Strong knowledge and application of cyber security terminology and concepts, and general understanding of the cyber threat landscape and attack vectors
Thorough understanding of the MITRE ATT&CK framework and its practical applications.
Willingness to be available, as needed, for critical and major security issues.
Ability to author technical documentation and perform quality assurance reviews of documents created by peers.
Demonstrate critical thinking, problem-solving, and analytical skills; investigates, defines, and resolves critical issues.
Regularly collaborate with peers as well as business and IT stakeholders in support of daily activities.
Strong organization skills with attention to details.
Strong written and verbal communication skills with a high level of professionalism.
Ability to work independently and effectively as part of a team. Ability to execute with limited guidance and contribute to decisions based on specialized knowledge.
Additional Information
Applicable only to applicants applying to a position in any location with pay disclosure requirements under state or local law:
The compensation range described below is the range of possible base pay compensation that the Company believes in good faith it will pay for this role at the time of this posting based on the job grade for this position. Individual compensation paid within this range will depend on many factors including geographic location, and we may ultimately pay more or less than the posted range. This range may be modified in the future.
We offer a comprehensive package of benefits including paid time off (vacation, holidays, sick), medical/dental/vision insurance and 401(k) to eligible employees.
This job is eligible to participate in our short-term incentive programs.
This job is eligible to participate in our long-term incentive programs
Note: No amount of pay is considered to be wages or compensation until such amount is earned, vested, and determinable. The amount and availability of any bonus, commission, incentive, benefits, or any other form of compensation and benefits that are allocable to a particular employee remains in the Company's sole and absolute discretion unless and until paid and may be modified at the Company’s sole and absolute discretion, consistent with applicable law.
AbbVie is an equal opportunity employer and is committed to operating with integrity, driving innovation, transforming lives and serving our community. Equal Opportunity Employer/Veterans/Disabled.
US & Puerto Rico only - to learn more, visit https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html
US & Puerto Rico applicants seeking a reasonable accommodation, click here to learn more:
https://www.abbvie.com/join-us/reasonable-accommodations.html