The Senior Threat Detection Engineer role will be responsible for the execution of the newly created Business Application Security Monitoring (BASM) service. This is a technical role focused on extending AbbVie’s Threat Detection and Monitoring (TDM) services to include business web applications. This role will serve as a technical subject matter expert on attacker tactics and techniques targeting web applications.  This role will also coach junior team members, engage in advanced data analysis, work closely with the Incident Response teams (customer) and application owners. 

This position can be located anywhere in the U.S. 

This role involves creating threat detection content by collaborating with application owners to gain a better understanding of the application's design and implementation details.  The detection rules will be implemented using application telemetry and logs available in the SIEM. 

Responsibilities  

• Onboarding new business application for security monitoring by following the application on-boarding process.  

• Ensuring application logs meet the minimum logging requirements to enable standard monitoring use-cases. 

• Collaborating with application SMEs to gain deeper understanding of application design and implementation, including identification of specific areas of security concern. 

• Performing data exploration and advanced data analysis to implement application-specific custom monitoring use-cases. 

• Executing the detection content lifecycle, including developing, analyzing, documenting, and maintaining detection content by following the TDM processes. 

• Fostering a collaborative relationship with business application SMEs during and following the application security monitoring enrollment. 

• Supporting and encouraging application teams to adopt enterprise SIEM to perform operational monitoring of their critical apps. 

• Lending technical expertise and helping coordinate defensive toolset engineering, including content creation, tuning, expansion of defensive platforms, and implementation of new controls. 

• Maintaining a solid command of various web application architectures and hosting platforms, including SaaS, IaaS, on-prem, dynamic and no-code/low-code workloads. 

• Collaborating with specialists and analysts to actively contribute to risk reduction efforts, including but not limited to assessments and in-depth research and analysis of threats. 

• Providing recommendations and influencing decisions made by leadership for improving program maturity.