Director, Cybersecurity Engineering

Merck
July 01, 2026
Remote friendly (Philadelphia, PA)
United States
IT
Key Activities:
- Provide security oversight and operational assurance for customer-facing software and hardware across development, deployment, and runtime.
- Define, assess, and validate security controls for commercial technology platforms aligned to enterprise standards, regulatory requirements, and customer expectations.
- Lead vulnerability research, analysis, and operational response across applications, platforms, infrastructure, and embedded technologies.
- Partner with engineering and product teams to integrate security via secure-by-design and shift-left practices.
- Support product security activities: threat modeling, secure design reviews, penetration testing coordination, and remediation validation.
- Provide security architecture guidance for virtualized, cloud-native, hybrid, and containerized environments.
- Oversee vulnerability management (scanning, prioritization, remediation tracking, and risk acceptance).
- Collaborate with DevSecOps to automate security testing, control validation, and continuous monitoring.
- Embed security requirements into CI/CD pipelines and product release processes.
- Liaise between commercial technology, enterprise security, risk management, and compliance.
- Support customer assurance (questionnaires, audits, attestations) and coordinate incident response.
- Contribute to incident response and root cause analysis for customer-impacting security events.
- Identify gaps, emerging risks, and improvement opportunities; promote security best practices and maturity.

Education:
- Bachelor’s in Computer Science, Engineering, Information Security, or a related field.
- Advanced degree or relevant security certifications preferred.

Required Skills/Experience:
- Strong experience in vulnerability research, vulnerability management operations, and remediation validation.
- Hands-on security engineering/product security for software and integrated hardware.
- Security architecture knowledge for cloud, virtualized, containerized, and hybrid environments.
- Experience securing APIs, web apps, SaaS platforms, and distributed systems.
- Familiarity with DevSecOps, CI/CD, and security automation.
- Working knowledge of cryptography, IAM, and secure communications.
- Experience supporting business-critical customer-facing security/availability/trust.
- Ability to assess operational risk and drive actionable remediation; support audits and regulatory expectations.
- 10+ years in cybersecurity/product security/security engineering or related; leadership via expertise.

Preferred Skills/Certifications:
- CISSP, CSSLP, GWAPT, OSCP (or equivalent).
- Familiarity with NIST, ISO 27001, OWASP, SDLC frameworks.
- Experience with AWS/Azure/GCP and infrastructure-as-code; automation to scale controls.

Application:
- Apply via https://jobs.merck.com/us/en (or Workday Jobs Hub if a current employee).