Director, Cybersecurity Engineering

Merck
July 01, 2026
Remote friendly (West Point, PA)
United States
IT
The Commercial Technologies Operational Security Lead (Director) ensures security, resilience, and operational integrity of customer-facing technology solutions (software, platforms, and integrated hardware), providing hands-on leadership across vulnerability research, security engineering, product security, and operational assurance.

Key Activities:
- Provide security oversight and operational assurance across development, deployment, and runtime for customer-facing software and hardware.
- Define, assess, and validate security controls aligned to enterprise standards, regulatory needs, and customer expectations.
- Lead vulnerability research, analysis, and operational response across applications, platforms, infrastructure, and embedded technologies.
- Partner with engineering and product teams to embed security via secure-by-design and shift-left.
- Support product security: threat modeling, secure design reviews, penetration test coordination, and remediation validation.
- Provide security architecture guidance for virtualized, cloud-native, hybrid, and containerized environments.
- Oversee vulnerability management (scanning, prioritization, remediation tracking, risk acceptance).
- Collaborate with DevSecOps to automate security testing, control validation, and continuous monitoring.
- Embed security requirements into CI/CD and product release processes.
- Liaise with security, risk, and compliance; support customer assurance (questionnaires, audits, attestations, incident response).
- Contribute to incident response and root cause analysis.
- Identify gaps, emerging risks, and improvement opportunities; promote security best practices and maturity.

Education:
- Bachelor’s in CS/Engineering/InfoSec or related.
- Advanced degree or relevant certifications preferred.

Required Skills/Experience:
- Strong experience in vulnerability research, vulnerability management operations, and remediation validation.
- Hands-on security engineering/product security for software and integrated hardware.
- Security architecture knowledge for cloud, virtualized, containerized, and hybrid environments.
- Experience securing APIs, web apps, SaaS platforms, and distributed systems.
- Familiarity with DevSecOps, CI/CD, and security automation tooling.
- Working knowledge of cryptography, IAM, and secure communications.
- Experience supporting business-critical customer-facing technologies.
- Ability to assess operational risk and drive actionable remediation.
- Experience supporting audits, customer security reviews, and regulatory expectations.
- 10+ years cybersecurity/product security/security engineering or related; leadership by expertise; cross-functional collaboration; strong communication.

Preferred:
- CISSP, CSSLP, GWAPT, OSCP (or equivalent).
- NIST, ISO 27001, OWASP, SDLC frameworks.
- AWS/Azure/GCP and infrastructure-as-code; scaling controls via automation.

Application:
- Apply via https://jobs.merck.com/us/en (or Workday Jobs Hub if a current employee).