Director, Cybersecurity Engineering

MSD


Job Location:

Rahway, NJ - USA

Monthly Salary: $ 156900 - 247000
Posted on: 16 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Description

The Commercial Technologies Operational Security Lead is a Director role responsible for ensuring the security resilience and operational integrity of customerfacing technology solutions including software platforms and integrated hardware offerings. This role provides handson leadership and subject matter expertise across vulnerability research security engineering product security and operational assurance for technologies delivered to external customers.

The individual will partner closely with product engineering cloud and commercial technology teams to ensure security controls are designed implemented validated and continuously improved throughout the product lifecycle. This role plays a critical part in enabling secure innovation protecting customer trust and ensuring solutions meet regulatory contractual and risk expectations in a highly regulated environment.

Key Activities

  • Provide security oversight and operational assurance for customerfacing software and hardware technology solutions across development deployment and runtime operations.

  • Define assess and validate security controls for commercial technology platforms ensuring alignment with enterprise security standards regulatory requirements and customer expectations.

  • Lead vulnerability research analysis and operational response across applications platforms infrastructure and embedded technologies.

  • Partner with engineering and product teams to integrate security into architecture design and development processes using securebydesign and shiftleft principles.

  • Support product security activities including threat modeling secure design reviews penetration testing coordination and remediation validation.

  • Provide security architecture guidance for virtualized cloudnative hybrid and containerized environments supporting customer solutions.

  • Oversee vulnerability management operations for commercial technologies including scanning prioritization remediation tracking and risk acceptance.

  • Collaborate with DevSecOps teams to drive automation of security testing control validation and continuous monitoring.

  • Ensure security requirements are embedded into CI/CD pipelines and product release processes.

  • Act as a key liaison between commercial technology teams enterprise security risk management and compliance functions.

  • Support customer assurance activities including security questionnaires audits attestations and incident response coordination.

  • Contribute to incident response and root cause analysis for security events impacting customerfacing technologies.

  • Identify gaps emerging risks and improvement opportunities across product and operational security capabilities.

  • Promote security best practices standards and operational maturity across commercial technology portfolios.

Education Requirements

  • Bachelors degree in Computer Science Engineering Information Security or a related field.

  • Advanced degree or relevant security certifications preferred.

Required Skills and Experience

Technical Expertise

  • Strong experience in vulnerability research vulnerability management operations and remediation validation.

  • Handson experience with security engineering and product security for softwarebased and integrated hardware solutions.

  • Solid understanding of security architecture principles for cloud virtualized containerized and hybrid environments.

  • Experience securing APIs web applications SaaS platforms and distributed systems.

  • Familiarity with DevSecOps practices CI/CD pipelines and security automation tooling.

  • Working knowledge of cryptography identity and access management and secure communications.

Operational Security & Product Assurance

  • Experience supporting customerfacing technologies where security availability and trust are businesscritical.

  • Ability to assess operational risk and translate findings into actionable remediation plans.

  • Experience supporting audits customer security reviews and regulatory expectations.

Experience & Leadership

  • 10 years of experience in cybersecurity product security security engineering or related technical disciplines.

  • Demonstrated ability to operate as a leader influencing outcomes through expertise rather than formal authority.

  • Proven ability to work effectively across engineering product cloud and business teams.

Communication & Collaboration

  • Strong communication skills with the ability to explain complex security concepts to technical and nontechnical stakeholders.

  • Ability to balance security rigor with business enablement and product delivery timelines.

Preferred Skills and Experience

Certifications

  • CISSP CSSLP GWAPT OSCP or equivalent security certifications.

Frameworks and Standards

  • Familiarity with NIST ISO 27001 OWASP and secure development lifecycle (SDLC) frameworks.

Cloud & Automation

  • Experience with major cloud platforms (AWS Azure GCP) and infrastructureascode tooling.

  • Experience leveraging automation to scale security controls and operational assurance.

Required Skills:

Application Security Application Security Business Enablement Certificate Services Change Catalyst Communication Cross-Cultural Awareness Cybersecurity Cybersecurity Analytics Cybersecurity Operations Delivery of Security Applications Design Applications Information Security ISO 27000 ISO 27001 Implementation ISO 27002 Network Segmentation Operational Technology (OT) Security Organizational Security Regulatory Requirements Security Architecture Design Security Automation Security Engineering SLA Management System Designs 3 more

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

US and Puerto Rico Residents Only:

Our company is committed to inclusion ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.

As an Equal Employment Opportunity Employer we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race color age religion sex sexual orientation gender identity national origin protected veteran status disability status or other applicable legally protected a federal contractor we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws visit:

EEOC Know Your Rights

EEOC GINA Supplement

We are proud to be a company that embraces the value of bringing together talented and committed people with diverse experiences perspectives skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas broad experiences backgrounds and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one anothers thinking and approach problems collectively.

Learn more about your rights including under California Colorado and other US State Acts

The salary range for this role is

$156900.00 - $247000.00

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employees position within the salary range will be based on several factors including but not limited to relevant education qualifications certifications experience skills geographic location government requirements and business or organizational needs.

The successful candidate will be eligible for annual bonus and long-term incentive if applicable.

We offer a comprehensive package of benefits. Available benefits include medical dental vision healthcare and other insurance benefits (for employee and family) retirement benefits including 401(k) paid holidays vacation and compassionate and sick days. More information about benefits is available at can apply for this role through (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.

San Francisco Residents Only:We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance

Los Angeles Residents Only:We will consider for employment all qualified applicants including those with criminal histories in a manner consistent with the requirements of applicable state and local laws including the City of Los Angeles Fair Chance Initiative for Hiring Ordinance

Search Firm Representatives Please Read Carefully
Merck & Co. Inc. Rahway NJ USA also known as Merck Sharp & Dohme LLC Rahway NJ USA does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place introductions are position specific. Please no phone calls or emails.

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

10%

Flexible Work Arrangements:

Hybrid

Shift:

1st - Day

Valid Driving License:

No

Hazardous Material(s):

N/A

Job Posting End Date:

07/8/2026

*A job posting is effective until 11:59:59PM on the day BEFOREthe listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.


Required Experience:

Director

Job DescriptionThe Commercial Technologies Operational Security Lead is a Director role responsible for ensuring the security resilience and operational integrity of customerfacing technology solutions including software platforms and integrated hardware offerings. This role provides handson leaders...

About Company

Company Logo

Merck & Co., Inc., Kenilworth, New Jersey, USA is known as “Merck” in the United States, Canada & Puerto Rico. We are known as “MSD” in Europe, Middle East, Africa, Latin America & Asia Pacific. We are a global biopharmaceutical leader with a diverse portfolio of prescription medicine ... View more

View Profile View Profile