Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 113,000 colleagues serve people in more than 160 countries.

Application Security Engineer

Kansas City, MO; Richmond, VA; Lake Forest, IL

Abbott is a global healthcare leader that helps people live more fully at all stages of life. Our portfolio of life-changing technologies spans the spectrum of healthcare, with leading businesses and products in diagnostics, medical devices, nutritionals and branded generic medicines. Our 107,000 colleagues serve people in more than 160 countries

About Abbott

Diagnostic testing is a compass, providing information that helps in the prevention, diagnosis and treatment of a range of health conditions.

Abbott’s life-changing tests and diagnostic tools give you accurate, timely information to better manage your health. We’re empowering smarter medical and economic decision making to help transform the way people manage their health at all stages of life. Every day, more than 10 million tests are run on Abbott’s diagnostics instruments, providing lab results for millions of people.

Our locations in Kansas City, MO, Richmond, VA, and Lake Forest, IL currently have an opportunity for a Application Security Engineer within our Toxicology business unit. The Application Security Engineer is the go-to subject matter expert for Application Security (AppSec) for all in-house applications. The AppSec Engineer supports the agile development teams and liaisons with the database team, networking team, DevOps team, and other information technology support teams to provide controls and solutions to security issues.  They help define security standards, controls and architecture in conjunction with business and IT goals.  Collaboration with corporate controls, processes, tools, and audits is required.  They communicate openly and often with teams, leadership, and clients. This role sits in our Rapid Diagnostics Division, and Toxicology Business Unit.  

WHAT YOU’LL DO

• Learn and understand threat landscape and the specific attack surfaces presented by eScreen applications.
• Prioritize applications and identified vulnerabilities for analysis and remediation work
• Maintain effective processes and procedures for Static and Dynamic Application Vulnerability scans (SAST and DAST), intrusion detection, vulnerability scans, penetration testing, Web Application Firewall alerts, Software Bill of Material (SBOM) and other assessments. Assess outcomes of these and other security processes for prioritization and remediation.
• Remediate vulnerabilities across an extensively broad and diverse code base.
• Provide application security expertise in consultant fashion to development teams, product owners, and other areas of the company.
• Architect and design secure solutions for authentication, access controls, and other security critical functions within the eScreen software suite.
• Conduct security reviews of source code, technical designs, and policies. Advocate for secure practices and policies in development processes, source code, and technical design.
• Able to support multiple business priorities and deadlines
• Collaborate effectively with individuals and teams across the entire Software Development Life Cycle (SDLC).
• Mentor team members on security best practices, design and architecture. Conducts periodic formal training in security topics for software teams.
• Maintain currency in secure development methodologies and best practices
• Minimal travel may be required for this position
• Responsible for all areas of Application Security including source code, practices, secure technical design and policies relating to secure software development.
• Supports other software teams such as business analysts and quality assurance teams
• Provides training for entry-level programmers and evaluates/recommends changes in procedures
• Mentors team members in software development best practices
• As directed, may assume technical lead role on projects and may provide technical direction to a small group of application programmers

 EDUCATION AND EXPERIENCE YOU’LL BRING

Required

• Bachelor’s degree in Computer Science, Computer Engineering, Information Security/Cyber Security or Engineering related degree, or equivalent work experience
• Background in enterprise web application programming
• Two plus (2+) years of practical experience specifically in Application Security (AppSec)
• Experience with Static Application Security Testing (SAST) tools (such as Checkmarx)
• Experience with Dynamic Application Security Testing (DAST) tools (such as NetSparker or Rapid7)
• Experience with Web Application Firewall(s) (WAF)
• MS-SQL/T-SQL required
• .NET (C#), extensive, proven work with ASP.NET and MVC required
• Demonstrated ability to set and meet tight deadlines and function well under pressure
• Ability to work in a dynamic and fast paced environment
• Strong problem-solving skills
• Working knowledge of Windows operating systems and Microsoft Office applications including Outlook, Work, Excel, Visio, PowerPoint, etc.
• Subject matter expert in Application Security
• Deep understanding of security issues such as SQLi, XSS, XSRF, and business logic flaws. Experience identifying, preventing, and remediating these issues.
• Knowledge of security standards, principles, techniques and technologies (OWASP, ISO27001, NIST etc.)
• Knowledge of browser security controls, web application security frameworks, and authentication infrastructures (SAML, OAUTH).

Preferred

• Four plus (4+) years of software development in a team environment
• Four plus (4+) years enterprise software development with Microsoft stack
• JavaScript, JQuery preferred
• MCSD or other Microsoft certifications (preferred)
• Agile/Scrum certification (preferred)
• Industry recognized InfoSec or AppSec certifications such as CISSP or SANS certification (preferred)

WHAT WE OFFER

At Abbott, you can have a good job that can grow into a great career. We offer:

• Training and career development, with onboarding programs for new employees and tuition assistance
• Financial security through competitive compensation, incentives and retirement plans
• Health care and well-being programs including medical, dental, vision, wellness and occupational health programs
• Paid time off
• 401(k) retirement savings with a generous company match
• The stability of a company with a record of strong financial performance and history of being actively involved in local communities

Learn more about our benefits that add real value to your life to help you live fully:  http://www.abbottbenefits.com/pages/candidate.aspx

Follow your career aspirations to Abbott for diverse opportunities with a company that provides the growth and strength to build your future. Abbott is an Equal Opportunity Employer, committed to employee diversity.

Connect with us at www.abbott.com, on Facebook at www.facebook.com/Abbott and on Twitter @AbbottNews and @AbbottGlobal.