Senior Security Engineer - Application Security

Meet Lingo, a new biosensing technology that provides users a window into their body. Lingo tracks key biomarkers – such as glucose, ketones, and lactate – to help people make better decisions about their health and nutrition. Biowearable technology will digitize, decentralize and democratize healthcare, enabling consumers to take control of their own health.

At Abbott, you can do work that matters, grow, and learn, care for yourself and family, be your true self and live a full life. You'll also have access to:

• Career development with an international company where you can grow the career you dream of.
• Free medical coverage for employees via the Health Investment Plan (HIP) PPO.
• An excellent retirement savings plan with high employer contribution.
• Tuition reimbursement, the Freedom 2 Save student debt program and FreeU education benefit – an affordable and convenient path to getting a bachelor's degree.
• A company recognized as a great place to work in dozens of countries around the world and named one of the most admired companies in the world by Fortune.
• A company that is recognized as one of the best big companies to work for as well as a best place to work for diversity, working mothers, female executives, and scientists.

The opportunity:

Personalized healthcare is the future. Working on Lingo, you will help build a next–generation technology that enables individuals to make decisions about how to improve energy, lose weight or enhance athletic performance. The Lingo team embodies a start–up culture and mindset with the backing of Abbott, a company with a rich history of healthcare innovation. Join us and grow your career as you help Abbott shape the future of healthcare.

This Senior Security Engineer – Application Security position works remotely for Lingo.

The Senior Security Engineer – Application Security works closely with the teams developing and maintaining the Lingo ecosystem to provide guidance on securing applications and infrastructure. The engineer provides security as a process alongside the agile teams building and maintaining Lingo products. The engineer is accountable for establishing and maintaining cyber risk identification, prevention, and remediation practices throughout the product lifecycle.

Primary Responsibilities:

• Provide security recommendations on service design and application development and coding.
• Perform threat modeling for the Lingo ecosystem.
• Perform manual code reviews of security–relevant features.
• Leverage SAST, DAST, and penetration testing to identify risks and appropriate mitigations.
• Track known vulnerabilities and their remediation statuses, along with performance data on vulnerability management.
• Advise teams regarding remediation of vulnerability, configuration, and other security deficiencies.
• Assist with implementing software supply chain security controls and the creation of product SBOMs.
• Present important product security concerns to leadership for decision making when necessary.
• Work closely with cross–functional teams (Engineering, DevOps, Product) while carrying out daily tasks.
• Stay abreast of emerging security threats, vulnerabilities, and controls.

Qualifications:

• 5+ years in a product security advisory role, penetration testing, or as an engineer on a product team with a security focus.
• Intermediate working knowledge of several of the following:
• Cloud computing architectures and associated security design challenges.
• Mobile application development and associated security design challenges.
• Common web and mobile application development technologies and tools.
• Common open–source libraries and technologies and how to effectively harden them.
• Common tools and processes to enable teams to develop secure products.
• SAST and DAST technologies.
• NFC and BLE wireless technologies.
• Strong understanding of information security fundamentals and defense–in–depth practices.
• Ability to build relationships, influence without authority, and drive positive outcomes across multiple stakeholder groups.
• Ability to provide clear oral and written communication to a variety of business and technical audiences.
• Proven problem–solving experience.
• Ability to prioritize work and adapt to changing needs in a dynamic work environment.
• University degree in Cybersecurity, Computer Science, Systems Engineering or similar technical disciplines preferred.
• OSCP, OSWP, OSWE, OSWA, CISSP, GWAPT or equivalent certifications preferred.

Apply Now

The base pay for this position is $95,000.00 – $190,000.00. In specific locations, the pay range may vary from the range posted.