Key Activities
- Provide security oversight and operational assurance for customer-facing software and hardware across development, deployment, and runtime.
- Define, assess, and validate security controls for commercial technology platforms to meet enterprise standards, regulatory needs, and customer expectations.
- Lead vulnerability research, analysis, and operational response across applications, platforms, infrastructure, and embedded technologies.
- Partner with product/engineering to integrate security using secure-by-design and shift-left.
- Support product security: threat modeling, secure design reviews, penetration testing coordination, and remediation validation.
- Provide security architecture guidance for virtualized, cloud-native, hybrid, and containerized environments.
- Oversee vulnerability management operations (scanning, prioritization, remediation tracking, risk acceptance).
- Collaborate with DevSecOps to automate security testing/validation and continuous monitoring; embed security requirements into CI/CD and release processes.
- Liaise with enterprise security, risk management, and compliance; support customer assurance (questionnaires, audits, attestations) and incident response/root cause analysis.
Education Requirements
- Bachelorβs in Computer Science/Engineering/Information Security or related field.
- Advanced degree or relevant certifications preferred.
Required Skills/Experience
- 10+ years in cybersecurity/product security/security engineering.
- Strong vulnerability research, vulnerability management operations, and remediation validation.
- Hands-on security engineering/product security for software and integrated hardware.
- Security architecture expertise across cloud/virtualized/containerized/hybrid.
- Experience securing APIs, web apps, SaaS, distributed systems; DevSecOps/CI-CD/security automation; cryptography, IAM, secure communications.
- Ability to assess operational risk and support audits/customer security reviews.
Application Instructions
- Apply via https://jobs.merck.com/us/en (or Workday Jobs Hub if a current employee). Apply by the posting deadline (effective until 11:59:59PM the day before 07/8/2026).