Specialist Product Security, Cybersecurity Engineering

Job Description

We are a leading pharmaceutical company dedicated to advancing healthcare through innovative technologies and secure digital solutions. As we continue to expand our digital footprint, we are seeking a passionate and skilled Specialist Product Security, Cybersecurity Engineering to join our dynamic team and help us strengthen our security posture across cloud, container, and application environments.

Key Responsibilities:

• Collaborate with development, QA, and DevOps teams to integrate security best practices throughout the software development lifecycle.
• Conduct security assessments and testing of applications, APIs, and cloud/container environments.
• Identify, analyze, and remediate security vulnerabilities using automated tools and manual techniques.
• Implement and advocate for secure coding standards and application security frameworks.
• Support incident and vulnerability management processes.
• Drive continuous improvement in application security practices and tooling.
• Work cross-functionally with internal and external stakeholders to promote security awareness and compliance.

Required Experience And Skills:

• Hands-on experience with one or more cloud and container platforms such as AWS, Azure, Kubernetes, Tanzu, or Cloud Foundry.
• Background in secure software development (software engineer, QA, DevOps) or Information Security, with a strong desire to deepen expertise in Application Security.
• Solid understanding of web browsers, network and web protocols (TCP/IP, HTTP/HTTPS, SSL/TLS, DNS, SSH), web services, and APIs.
• Familiarity with application security tools including SAST, DAST, OSS scanning, mobile security testing, and API security testing.
• Knowledge of secure cloud and container concepts, associated security risks, and best practices.
• Strong experience with Infrastructure as Code (IaC) tools such as CloudFormation and Ansible.
• Understanding of various application models (client-server, desktop, mobile).
• Familiarity with the software development/delivery lifecycle and related technologies.
• Basic coding knowledge and ability to read code in languages such as Python, Java, JavaScript, .NET.
• Excellent interpersonal, networking, influencing, and relationship-building skills, with the ability to work effectively across cultures and diverse teams.
• Personal drive and passion for continuous learning and advancing Application Security best practices.

Preferred Experience And Skills:

• Understanding of OWASP web application security risks (e.g., XSS, SQL Injection) and mitigation strategies.
• Experience with Agile development processes and DevSecOps best practices.
• Industry certifications such as Certified Application Security Engineer (CASE), CISSP, CISM, AWS Security Specialty, or similar.
• Familiarity with Infrastructure as Code (IaC) security practices.
• Experience with CI/CD pipelines and securing automated deployment workflows.
• Knowledge of incident and vulnerability management.
• Experience with securely implementing and managing secrets and cryptography according to industry best practices.

Education:

• Bachelor’s Degree preferred, ideally in one of the following fields:
• Cyber Security
• Computer Science
• Engineering
• Management/Computer Information Systems

Why Join Us?

• Opportunity to work with cutting-edge cloud and container technologies in the pharmaceutical industry.
• Contribute to securing products that impact global health and patient safety.
• Collaborative and inclusive work environment.
• Commitment to professional growth and continuous learning.
• Competitive salary and benefits package.

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Regular

Relocation:

No relocation

Visa Sponsorship:

No

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

No

Hazardous Material(S):

n/a

Required Skills:

Agile Application Development, Application Security, CI/CD, Computer Science, Continuous Integrations, Cybersecurity, Information Security, Infrastructure As Code (IaC), JavaScript, JScript, Python (Programming Language), Security Operations, Software Development, System Designs, Web Application Security

Preferred Skills:

Job Posting End Date:

09/22/2025

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.