Security Application Solution Architect (Remote)
Location: Dallas
Posted on: June 23, 2025
|
|
|
Job Description:
Company Description AbbVie's mission is to discover and deliver
innovative medicines and solutions that solve serious health issues
today and address the medical challenges of tomorrow. We strive to
have a remarkable impact on people's lives across several key
therapeutic areas immunology, oncology, neuroscience, and eye care
and products and services in our Allergan Aesthetics portfolio. For
more information about AbbVie, please visit us at www.abbvie.com .
Follow @abbvie on Twitter , Facebook , Instagram , YouTube and
LinkedIn . Job Description The Security Application Solution
Architect is a member of the Information Security team and works
closely with other members of the team to develop and implement a
comprehensive information security program. This includes defining
security policies, processes, and standards. We are seeking a
highly skilled architect to collaborate with application
development teams, ensuring secure design, coding, configuration,
and deployment of technology solutions. The architect will not only
focus on common security mechanisms like encryption and
authentication but will also dive into application-level risks,
session management, securing configuration files, secrets
management, and risk identification in system configurations. This
role requires a deep understanding of secure application
development practices, including the security of API interactions
and cloud application environments. This position can be virtually
from anywhere in the U.S. Major Duties and Responsibilities: Design
and architect enterprise-grade secrets management solutions
leveraging technologies such as HashiCorp Vault, AWS KMS, Azure Key
Vault, or BeyondTrust. Provide strategic direction and technical
leadership to ensure secure storage, access, rotation, and auditing
of secrets across hybrid environments. Define reusable security
architecture patterns and guardrails to enable consistent, secure
implementation across high-risk business applications. Drive
secure-by-design initiatives by integrating security considerations
early in the software architecture lifecycle and influencing
enterprise architecture direction. Represent security architecture
in design authority boards and technical review councils,
advocating for risk-based security controls. Work with in-business
IT customers, including application architects and engineers to
evaluate application software and infrastructure designs, for the
purpose of defining/designing application controls aligned with
enterprise standards. Deep understanding of cloud computing
principles, including virtualization, containerization,
microservices, and serverless computing; Risk Management, container
security, Kubernetes security, IAM security, network security,
auditing, encryption, secrets management and data protection,
securing CI/CD Advanced knowledge of Identity Security concepts,
least-privilege, separation of duties, and Zero trust design
principles Understanding of federation technologies (WS-Fed, OAuth,
OpenID connect, SAML ) and of encryption technologies (encryption
types and protocols/standards) Define and drive the architecture
and roadmap for enterprise-grade secrets management capabilities,
including reference architectures, integration blueprints, and
scalable deployment models. Define application-specific security
control architectures and produce design artifacts to guide secure
implementation of business-critical systems. Develop re-usable
implementation guidance and design patterns based on previous
engagements to scale the service Work with information security
leadership to develop strategies and plans to enforce security
requirements and address identified risks in the infrastructure and
applications. Act as a security architecture liaison to IT delivery
and engineering teams, embedding security principles into technical
delivery and architecture review forums. Support security aspects
of business & IT initiatives by assisting in architecture, design,
implementation, deployment, and operational transition of
innovative & secure technology solutions. Work with information
security leadership to develop strategies and plans to enforce
security requirements and address identified risks in the
infrastructure. Research, evaluate, design, test, recommend and
plan the implementation of new or updated information security
technologies. Establish collaborative working relations with the
Information Technology functions to ensure that solutions align
with security architecture and business strategy. Play an advisory
role in application development or acquisition projects to assess
security requirements and controls and to ensure that security
controls are implemented as planned. Complete remediation
activities and initiate actions to ensure that compliance and
security gaps are successfully addressed. Research and assess new
information security threats and recommend remedial actions. Foster
an information security culture through education, skill
development, and implementation of effective information security
processes and practices. Understand and adhere to corporate
standards regarding applicable Corporate and Divisional Policies,
including code of conduct, safety, GxP compliance, data security,
and the software development lifecycle Matures and leverages
relationships with affiliates, subsidiaries, vendors, and industry
peers in accordance with Abbvie Values, Vendor Management Office,
and Purchasing to further the mission, vision and goals of the
organization. Specifically, were looking for experience: Design the
security architecture for applications, ensuring all components
meet best practices and regulatory compliance. Work closely with
software development, DevOps, and operations teams to integrate
security into the software development lifecycle (SDLC). Lead
efforts in identifying potential threats through application threat
modeling and propose design changes to mitigate risks.
Understanding the following concepts is a plus; identity
management, federated identity services, incident management,
access control, , application vulnerability testing, public key
infrastructure, Windows, and Unix/Linux, public cloud
infrastructure and services Knowledge of and experience in
developing and documenting security architecture and plans,
including strategic, tactical and project. Significant SOX and
HIPAA experience in dealing with IT general controls (ITGC),
demonstrated through hands-on audit, remediation, and/or computer
system validation. Excellent understanding of current Information
Security & Architecture trends and their impact on business
strategies including: key Information Security vendors and
solutions, audit organizations and influential market research
firms. Excellent communications and influencing skills with strong
ability to balance differing stakeholder interests through sound
analysis and persuasion. Strong people skills, collaborative
ability to work with IT stakeholders inside and outside of the
organization, able to mentor team members with diverse backgrounds.
Ability to formulate network security architecture vision and
translate vision into execution. Thorough understanding of
Information Security frameworks and good practices (e.g. ISO,
NIST), and proven ability to strike a balance between an academic
and pragmatic approach. Qualifications Bachelors degree and 9 years
of experience OR Masters Degree and 8 years of experience OR PhD
and 4 years of experience in information security and/or related
functions (IT Audit, Risk Management or Security Architecture).
Must have experience with Secrets Management in a corporate
environment, large enterprise strongly preferred. Knowledge of
Secrets Management tools such as HashiCorp Vault, AWS KMS, Azure
Key Vault, Beyond Trust . Demonstrated experience architecting and
guiding the deployment of enterprise-scale secrets management
solutions, with hands-on familiarity a plus. During recent history,
candidate must have demonstrated exceptional ability to assess and
communicate information security concepts and practices, with both
business and IT stakeholders. Requires in-depth knowledge of the
systems development life cycle, client areas functions and systems,
and systems applications programs development technological
alternatives. Proven implementation of creative technology
solutions that advance the business. Relevant work experience is
important for successful performance of this role due to the
complexity of our global IT Security environment. Information
security qualification such as CISSP is preferred but not required.
Strong understanding of application security principles, including
OWASP Top 10, SANS/CWE Top 25, and secure coding practices.
Expertise in secure session management, token handling, and
authentication mechanisms (OAuth, SAML, OpenID Connect). Knowledge
of cryptographic practices, encryption protocols, and PKI
management. Experience with containerization (Docker, Kubernetes)
and cloud platforms (AWS, Azure, GCP). Familiarity with tools for
code analysis (e.g., SonarQube, Veracode) and vulnerability
scanning (e.g., Burp Suite, Nessus). Understanding of DevSecOps
practices, including securing CI/CD pipelines Self-starter with the
ability to work independently and manage multiple projects
simultaneously. Strong problem-solving and analytical skills with
the ability to identify security risks and propose effective
solutions. Ability to work collaboratively in cross-functional
teams and influence technical teams towards secure implementations.
Additional Information Applicable only to applicants applying to a
position in any location with pay disclosure requirements under
state orlocal law: The compensation range described below is the
range of possible base pay compensation that the Companybelieves
ingood faith it will pay for this role at the timeof this posting
based on the job grade for this position.Individualcompensation
paid within this range will depend on many factors including
geographic location, andwemay ultimatelypay more or less than the
posted range. This range may be modified in thefuture.Salary:
$137,500 - $261,000 We offer a comprehensive package of benefits
including paid time off (vacation, holidays,
sick),medical/dental/visioninsurance and 401(k) to
eligibleemployees. This job is eligible to participate in our
short-term incentiveprograms. This job is eligible to participate
in our long-term incentiveprograms Note: No amount of payis
considered to bewages or compensation until such amount is earned,
vested, anddeterminable.The amount and availability of any
bonus,commission, incentive, benefits, or any other form
ofcompensation and benefitsthat are allocable to a particular
employee remains in the Company's sole andabsolutediscretion unless
and until paid andmay be modified at the Companys sole and absolute
discretion, consistent withapplicable law. AbbVie is an equal
opportunity employer and is committed to operating with integrity,
driving innovation, transforming lives and serving our community.
Equal Opportunity Employer/Veterans/Disabled. US & Puerto Rico only
- to learn more, visit
https://www.abbvie.com/join-us/equal-employment-opportunity-employer.html
US & Puerto Rico applicants seeking a reasonable accommodation,
click here to learn more:
https://www.abbvie.com/join-us/reasonable-accommodations.html
Keywords: , Mesquite , Security Application Solution Architect (Remote), IT / Software / Systems , Dallas, Texas
