Associate Director, Cybersecurity Operations

Job Description

The ideal candidate for this role will be an experienced incident response analyst with extensive detection development experience across various enterprise technologies. This individual will be responsible for designing developing and enhancing threat detection capabilities across the organizations detection platforms while providing incident response experience during critical incidents and providing mentorship to junior analysts. The primary focus for this role will be the creation and optimization of threat detection use cases leveraging advanced tools and techniques to identify and mitigate cyber threats in real time through collaboration with cross-functional teams to ensure that the threat detection solutions align with the organizations security position will consider remote work approval for the right candidate.

Essential Responsibilities

• Design and implement advanced detection architectures across the organizations security landscape utilizing SIEM EDR XDR and cloud security platforms.

• Lead the development and refinement of complex high-fidelity detection use cases custom correlation rules and detection models tailored to the organizations unique risk profile and threat landscape.

• Continuously enhance and optimize detection techniques reducing alert fatigue and improving detection accuracy.

• Identify and develop improvement initiatives within the Detection and Response team implementing best practices and optimizing processes to enhance security capabilities.

• Lead investigations into critical incidents coordinate containment and eradication activities and ensure recovery aligns with NIST incident response framework principles.

• Leverage SOARplatforms to automate triage enrichment and response workflows for improved Incident Response efficiency.

• Utilize AI-based tools such as Agentic AI and Co-pilot to enhance investigation speed threat hunting and reporting accuracy.

• Leverage MDR capabilities to enhance detection and response workflows and streamline investigation prioritization.

• Use endpoint protection and diagnostic tools such as Microsoft Defender for Endpoint (MDE) and CrowdStrike to conduct forensic analysis and validate root causes.

• Partner with internal stakeholders leadership and external partners to provide situational awareness and actionable recommendations.

• Support junior analysts through coaching technical guidance and knowledge sharing to build overall Incident Response capability and mature the threat detection posture.

Core Competencies

• Expert understanding of attack lifecycles network telemetry endpoint data and adversarial tactics mapped to MITRE ATT&CK.

• Proven ability to lead the full incident lifecycle following NIST best practices from identification through post-incident recovery.

• Ability to design and optimize automated response workflows in SOAR tools to reduce response time and analyst fatigue.

• Comfortable integrating AI and machine learning tools into investigative processes to improve detection accuracy and reduce false positives.

• Understands the business impact of identified threats and aligns response actions to minimize operational risk.

• Proactively evaluates emerging technologies and integrates them into Incident Response operations.

Technical Knowledge & Skills

• Experience with SIEM platforms such as Microsoft Sentinel for event correlation and detection engineering.

• Strong knowledge of SOAR technologies for orchestration and response automation.

• Familiarity with endpoint detection and response (EDR) tools such as MDE CrowdStrike and Sysinternals.

• Working knowledge of AI-powered analysis and automation tools including Agentic AI and Co-pilot.

• Understanding of key cybersecurity frameworks and standards: NIST Incident Response Framework MITRE ATT&CK and ISO 27001.

• Experience with scripting languages including python and PowerShell.

• Strong knowledge of Windows Active Directory Environment and cloud computing architectures.

• Experience conducting forensic analysis log correlation and root cause investigations.

• Strong communication skills to convey findings to technical and non-technical audiences.

Minimum Qualifications

• Bachelors degree in Cybersecurity Computer Science Information Technology or related field (or equivalent experience).

• 5 years of experience in IR operations intrusion detection or incident response.

• Experience developing detection rules playbooks and automation workflows.

• Demonstrated experience leading complex investigations and coordinating cross-functional response efforts.

Preferred Qualifications

• Advanced certifications: GIAC (GCIH GCFA etc.).

• 5 years of experience in Detection Engineering roles for large organizations.

• Hands-on experience with cloud-native security tooling and hybrid SOC environments.

Leadership Expectations

• Ability to work collaboratively across teams; foster an environment where associates thrive and perform at their best.

• Model ethical conduct transparency and accountability in every action; ensure compliance with cybersecurity and data privacy standards.

• Demonstrate curiosity adaptability and a growth mindset. Encourage innovation learning and continuous improvement across IR operations.

Required Skills:

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

US and Puerto Rico Residents Only:

Our company is committed to inclusion ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.

As an Equal Employment Opportunity Employer we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race color age religion sex sexual orientation gender identity national origin protected veteran status disability status or other applicable legally protected a federal contractor we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws visit:

EEOC Know Your Rights

EEOC GINA Supplement

We are proud to be a company that embraces the value of bringing together talented and committed people with diverse experiences perspectives skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas broad experiences backgrounds and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one anothers thinking and approach problems collectively.

Learn more about your rights including under California Colorado and other US State Acts

U.S. Hybrid Work Model

Effective September 5 2023 employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week Monday - Thursday although the specific days may vary by site or organization with Friday designated as a remote-working day unless business critical tasks require an on-site Hybrid work model does not apply to and daily in-person attendance is required for field-based positions; facility-based manufacturing-based or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note this Hybrid work model guidance also does not apply to roles that have been designated as remote.

The salary range for this role is

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employees position within the salary range will be based on several factors including but not limited to relevant education qualifications certifications experience skills geographic location government requirements and business or organizational needs.

The successful candidate will be eligible for annual bonus and long-term incentive if applicable.

We offer a comprehensive package of benefits. Available benefits include medical dental vision healthcare and other insurance benefits (for employee and family) retirement benefits including 401(k) paid holidays vacation and compassionate and sick days. More information about benefits is available at can apply for this role through (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.

San Francisco Residents Only:We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance

Los Angeles Residents Only:We will consider for employment all qualified applicants including those with criminal histories in a manner consistent with the requirements of applicable state and local laws including the City of Los Angeles Fair Chance Initiative for Hiring Ordinance

Search Firm Representatives Please Read Carefully
Merck & Co. Inc. Rahway NJ USA also known as Merck Sharp & Dohme LLC Rahway NJ USA does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place introductions are position specific. Please no phone calls or emails.

Employee Status:

Relocation:

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:

Shift:

Valid Driving License:

Hazardous Material(s):

Job Posting End Date:

*A job posting is effective until 11:59:59PM on the day BEFOREthe listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.