Job Description

We are a leading pharmaceutical company dedicated to advancing healthcare through innovative technologies and secure digital solutions. As we continue to expand our digital footprint, we are seeking a passionate and skilled Specialist Product Security, Cybersecurity Engineering to join our dynamic team and help us strengthen our security posture across cloud, container, and application environments.

Key Responsibilities:

Collaborate with development, QA, and DevOps teams to integrate security best practices throughout the software development lifecycle.Conduct security assessments and testing of applications, APIs, and cloud/container environments.Identify, analyze, and remediate security vulnerabilities using automated tools and manual techniques.Implement and advocate for secure coding standards and application security frameworks.Support incident and vulnerability management processes.Drive continuous improvement in application security practices and tooling.Work cross-functionally with internal and external stakeholders to promote security awareness and compliance.

Required Experience and Skills:

Hands-on experience with one or more cloud and container platforms such as AWS, Azure, Kubernetes, Tanzu, or Cloud Foundry.Background in secure software development (software engineer, QA, DevOps) or Information Security, with a strong desire to deepen expertise in Application Security.Solid understanding of web browsers, network and web protocols (TCP/IP, HTTP/HTTPS, SSL/TLS, DNS, SSH), web services, and APIs.Familiarity with application security tools including SAST, DAST, OSS scanning, mobile security testing, and API security testing.Knowledge of secure cloud and container concepts, associated security risks, and best practices.Strong experience with Infrastructure as Code (IaC) tools such as CloudFormation and Ansible.Understanding of various application models (client-server, desktop, mobile).Familiarity with the software development/delivery lifecycle and related technologies.Basic coding knowledge and ability to read code in languages such as Python, Java, JavaScript, .NET.Excellent interpersonal, networking, influencing, and relationship-building skills, with the ability to work effectively across cultures and diverse teams.Personal drive and passion for continuous learning and advancing Application Security best practices.

Preferred Experience and Skills:

Understanding of OWASP web application security risks (e.g., XSS, SQL Injection) and mitigation strategies.Experience with Agile development processes and DevSecOps best practices.Industry certifications such as Certified Application Security Engineer (CASE), CISSP, CISM, AWS Security Specialty, or similar.Familiarity with Infrastructure as Code (IaC) security practices.Experience with CI/CD pipelines and securing automated deployment workflows.Knowledge of incident and vulnerability management.Experience with securely implementing and managing secrets and cryptography according to industry best practices.

Education:

Bachelor’s Degree preferred, ideally in one of the following fields:Cyber SecurityComputer ScienceEngineeringManagement/Computer Information Systems

Why Join Us?

Opportunity to work with cutting-edge cloud and container technologies in the pharmaceutical industry.Contribute to securing products that impact global health and patient safety.Collaborative and inclusive work environment.Commitment to professional growth and continuous learning.Competitive salary and benefits package.

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

No

Hazardous Material(s):

n/a

Required Skills:

Agile Application Development, Application Security, CI/CD, Computer Science, Continuous Integrations, Cybersecurity, Information Security, Infrastructure As Code (IaC), JavaScript, JScript, Python (Programming Language), Security Operations, Software Development, System Designs, Web Application Security

 Preferred Skills:

Job Posting End Date:

09/22/2025

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.

Requisition ID:R362641