Senior Threat Detection Engineer; Remote

Senior Threat Detection Engineer (Remote)

This range is provided by Abb Vie. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

$/yr - $/yr

Abb Vie's mission is to discover and deliver innovative medicines and solutions that solve serious health issues today and address the medical challenges of tomorrow. We strive to have a remarkable impact on people's lives across several key therapeutic areas – immunology, oncology, neuroscience, and eye care – and products and services in our Allergan Aesthetics portfolio. For more information about Abb Vie, please visit us at  Follow @abbvie on X, Facebook, Instagram, You Tube, Linked In and Tik Tok.

The Senior Threat Detection Engineer role will be responsible for the execution of the newly created Business Application Security Monitoring (BASM) service. This is a technical role focused on extending Abb Vie’s Threat Detection and Monitoring (TDM) services to include business web applications. The role will serve as a technical subject matter expert on attacker tactics and techniques targeting web applications, coach junior team members, engage in advanced data analysis, and work closely with Incident Response teams (customer) and application owners.

This position can be located anywhere in the U.S. The role involves creating threat detection content by collaborating with application owners to gain a better understanding of the application's design and implementation details. The detection rules will be implemented using application telemetry and logs available in the SIEM.

• Onboarding new business application for security monitoring by following the application onboarding process.
• Ensuring application logs meet the minimum logging requirements to enable standard monitoring use‑cases.
• Collaborating with application SMEs to gain deeper understanding of application design and implementation, including identification of specific areas of security concern.
• Performing data exploration and advanced data analysis to implement application‑specific custom monitoring use‑cases.
• Executing the detection content lifecycle, including developing, analyzing, documenting, and maintaining detection content by following the TDM processes.
• Fostering a collaborative relationship with business application SMEs during and following the application security monitoring enrollment.
• Supporting and encouraging application teams to adopt enterprise SIEM to perform operational monitoring of their critical apps.
• Lending technical expertise and helping coordinate defensive toolset engineering, including content creation, tuning, expansion of defensive platforms, and implementation of new controls.
• Maintaining a solid command of various web application architectures and hosting platforms, including SaaS, IaaS, on‑prem, dynamic and no‑code/low‑code workloads.
• Collaborating with specialists and analysts to actively contribute to risk reduction efforts, including but not limited to assessments and in‑depth research and analysis of threats.
• Providing recommendations and influencing decisions made by leadership for improving program maturity.

• Bachelor's Degree and 7 years experience OR Master's Degree and 6 years experience OR PhD and 2 years experience of specialized information security experience.
• Expertise in performing data analysis using a modern SIEM, including ability to interpret log data to infer application activity, user actions, and anomalies.
• Ability to successfully interact with non‑technical in‑business contacts.
• Strong business acumen and an ability to assess, understand, and articulate technical impact and risk to a diverse audience.
• Deep knowledge of cloud hosting solutions and its use in web application development.
• Strong knowledge of web application architectures, various hosting platforms, major operating systems, typical web application network protocols, systems administration, and web application security technologies.
• In‑depth knowledge of key web application related concepts such as SAML, SSO, OAuth, MFA, SSL/TLS, etc.
• Strong knowledge and application of…