The Senior Cybersecurity Engineer is responsible for identifying security risks, vulnerabilities, and threats, and leading mitigation and remediation efforts to ensure Abbott delivers secure, compliant products that meet industry cybersecurity regulations and customer and patient security expectations.
Drive end-to-end cybersecurity program execution across product lines, aligning security initiatives with business objectives, product roadmaps, and regulatory requirements.
Establish, maintain, and optimize a scalable vulnerability management program, including governance, prioritization frameworks, KPIs, and executive reporting.
Lead cross-functional program governance with engineering, product management, quality, and compliance teams to ensure alignment on security priorities, timelines, and risk acceptance decisions.
Serve as the primary liaison between cybersecurity, product teams, and executive stakeholders, providing regular updates on program status, risks, dependencies, and mitigation plans.
Develop and deliver cybersecurity artifacts for product software releases, including SBOMs, vulnerability remediation evidence, and release security documentation. Lead technical reviews with development teams to discuss vulnerabilities, security controls, remediation progress, and residual risk.
Prioritize vulnerability remediation and patching efforts based on business impact, proof of exploit, and policy requirements, partnering with engineering, PMs, and product owners to drive timely risk reduction.
Design and recommend systematic remediation strategies and preventive controls to reduce recurring vulnerabilities, including secure coding practices, dependency management, and configuration hardening across product and supporting applications.
Triage and analyze findings from application, network‑based, and agent‑based security scanning tools (SAST, DAST, SCA, infrastructure scanners) to determine true security impact, validate exploitability, and distinguish false positives.
Validate security fixes through hands-on testing, including web application testing using tools such as Burp Suite and Postman, and verification of remediation for iOS and Android mobile application vulnerabilities.
Clearly communicate complex technical security concepts to executive leadership and cross-functional stakeholders, translating vulnerability findings, security controls, and security metrics into business‑relevant risk insights and decision support.
Lead remediation efforts following security assessments that identify weaknesses. Support the advancement of the cyber threat and vulnerability management program to ensure consistent identification, analysis, response, and monitoring of cybersecurity threats, events, and vulnerabilities.
Leverage JIRA for security project and vulnerability management, building dashboards, reports, and automation workflows to track remediation progress, improve visibility of security metrics, and streamline coordination across cross-functional teams.
Participate in cross-functional team coordination to achieve defined security goals and meet technical requirements in support of detailed implementation plans for security projects. Provide technical guidance and training on security risks and prevention strategies.
Bachelor's degree in computer and information sciences or engineering, Security Systems, or related fields.
Minimum 3 years of IT management system, cybersecurity, or other relevant experience with a strong preference for product security (i.e. – consumer facing applications and services).
Minimum 5 years of Business experience.
Demonstrated hands‑on experience conducting web, mobile, and cloud infrastructure security testing using DAST, SAST, SCA, SBOM generation tooling, and network‑ and agent‑based vulnerability scanning tools.
Ability to prioritize multiple projects with strong organization skills. Demonstrated critical thinking, analytical skills, judgment, and logic for problem-solving and decision-making in an environment with changing priorities.
Ability to work effectively in a team environment, adapting to rapidly changing business and technological needs.
Excellent documentation, communication and interpersonal skills.