Application & Platform Security Architect

AbbVie

Application & Platform Security Architect developing and implementing information security programs at AbbVie. Collaborating closely with development teams to ensure security in technology solutions.

Posted 6/27/2026full-timeRemote • Illinois • 🇺🇸 United StatesSeniorLead💰 $141,500 - $268,500 per yearWebsite

Tech Stack

Tools & technologies

AWSAzureCloudDockerGoogle Cloud PlatformKubernetesMicroservicesSDLC

About the role

Key responsibilities & impact

Define reusable security architecture patterns and guardrails to enable consistent, secure implementation across high-risk business applications
Drive secure-by-design initiatives by integrating security considerations early in the software architecture lifecycle and influencing enterprise architecture direction
Represent security architecture in design authority boards and technical review councils, advocating for risk-based security controls
Work with in-business IT customers, including application architects and engineers to evaluate application software and infrastructure designs, for the purpose of defining/designing application controls aligned with enterprise standards
Define application-specific security control architectures and produce design artifacts to guide secure implementation of business-critical systems
Develop re-usable implementation guidance and design patterns based on previous engagements to scale the service
Work with information security leadership to develop strategies and plans to enforce security requirements and address identified risks in the infrastructure and applications
Act as a security architecture liaison to IT delivery and engineering teams, embedding security principles into technical delivery and architecture review forums
Support security aspects of business & IT initiatives by assisting in architecture, design, implementation, deployment, and operational transition of innovative & secure technology solutions
Research, evaluate, design, test, recommend and plan the implementation of new or updated information security technologies
Establish collaborative working relations with the Information Technology functions to ensure that solutions align with security architecture and business strategy
Play an advisory role in application development or acquisition projects to assess security requirements and controls and to ensure that security controls are implemented as planned
Complete remediation activities and initiate actions to ensure that compliance and security gaps are successfully addressed
Research and assess new information security threats and recommend remedial actions
Foster an information security culture through education, skill development, and implementation of effective information security processes and practices
Understand and adhere to corporate standards regarding applicable Corporate and Divisional Policies, including code of conduct, safety, GxP compliance, data security, and the software development lifecycle
Design the security architecture for applications, ensuring all components meet best practices and regulatory compliance
Work closely with software development, DevOps, and operations teams to integrate security into the software development lifecycle (SDLC)
Lead efforts in identifying potential threats through application threat modeling and propose design changes to mitigate risks

Requirements

What you’ll need

Bachelor’s degree and 9 years of experience OR Master’s Degree and 8 years of experience OR PhD and 4 years of experience in information security and/or related functions
Must have demonstrated exceptional ability to assess and communicate information security concepts and practices, with both business and IT stakeholders
Requires in-depth knowledge of the systems development life cycle, client area’s functions and systems, and systems applications programs development technological alternatives
Proven implementation of creative technology solutions that advance the business
Strong understanding of application security principles, including OWASP Top 10, SANS/CWE Top 25, and secure coding practices
Expertise in secure session management, token handling, and authentication mechanisms (OAuth, SAML, OpenID Connect)
Knowledge of cryptographic practices, encryption protocols, and PKI management
Experience with containerization (Docker, Kubernetes) and cloud platforms (AWS, Azure, GCP)
Familiarity with tools for code analysis (e.g., SonarQube, Veracode) and vulnerability scanning (e.g., Burp Suite, Nessus)
Understanding of DevSecOps practices, including securing CI/CD pipelines
Self-starter with the ability to work independently and manage multiple projects simultaneously
Strong problem-solving and analytical skills with the ability to identify security risks and propose effective solutions
Ability to work collaboratively in cross-functional teams and influence technical teams towards secure implementations
Understanding of cloud computing principles, including virtualization, containerization, microservices, and serverless computing; Risk Management, container security, Kubernetes security, IAM security, network security, auditing, encryption, secrets management and data protection, securing CI/CD
Advanced knowledge of Identity Security concepts, least-privilege, separation of duties, and Zero trust design principles
Understanding of federation technologies (WS-Fed, OAuth, OpenID connect, SAML …) and of encryption technologies (encryption types and protocols/standards)
Knowledge of and experience in developing and documenting security architecture and plans, including strategic, tactical and project

Benefits

Comp & perks

Comprehensive package of benefits including paid time off (vacation, holidays, sick)
Medical/dental/vision insurance
401(k) to eligible employees
Participation in long-term incentive programs

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information securityapplication security principlessecure coding practicessecure session managementtoken handlingauthentication mechanismscryptographic practicesencryption protocolsPKI managementDevSecOps practices

Soft Skills

problem-solvinganalytical skillscollaborative workinfluencing technical teamscommunication skillsself-starterproject managementeducation and skill developmentadvisory rolerelationship building