Merck Sr. Application Security Engineer in Branchburg, New Jersey

Merck & Co., Inc. Kenilworth, N.J., U.S.A. known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its legacy for over a century. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

As a Senior Application Security Engineer at Merck’s Branchburg IT HUB, you will be part of inventing tomorrow. Our Innovative centers are where great people come together and deliver solutions that save and improve lives.

We are seeking motivated talent interested in solving problems to improve tomorrow by joining a new team focused on Application Security and Software Assurance.

You will:

  • Contribute to the success of firmwide application security program by leading the engineering and introduction of new security services for application development. This position is responsible for integration and automation of application security testing into firm’s standard SDLC.

  • Design, analyze, develop and/or deliver, application security products and services to secure SDLC

  • Ensure stability and resiliency of application security products and services

  • Driving the testing and deployment of scanning tools across various CI environments

  • L1/L2 support to developers and coordination with tool vendors to file bugs, enhancement requests, etc.

  • Implement custom rules for scan engines such as Appscan, Fortify or Checkmarx.

  • Contribute on technical inputs to management during proof of concept reviews to new security products

  • Develop a familiarity with new tools and best practices and assist with the integration of these toolsets with the enterprise.

  • Define and capture metrics from multiple sources across varying technology environment to support security in the software development lifecycle

  • Recommends & Implement security solutions in mitigating/closing the application vulnerabilities.

You will work and learn more about:

  • Integration of leading edge cybersecurity initiatives with application development

  • Working globally across our market and hub network

  • How to define meaningful metrics that lead to a reduction in security flaws

  • Acquire deep understanding and knowledge of business processes working with development team

Position in Branchburg, NJ

Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life.

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to staffingaadar@merck.com .

Education Minimum Requirement:

A Bachelor's Degree is required. Concentration in one of the following fields preferred.

Computer Science

Cybersecurity

Management/Computer Information Systems

Information Assurance

Required Experience and Skills:

  • 3 years of Information Security Experience

  • 3 to 5 years of operational implementation and use of Application security assessment tools e.g. Appscan, Fortify, Black duck or similar scanning tools

  • Experience with hands on security testing of applications to proactively discover risk and track to resolution

  • Solid foundation in application security practices and methodologies to include Continuous Integration/Delivery

  • Scripting knowledge (e.g. python, shell scripting, Java script)

  • Ability to scale security within the SDLC by automating using tools sets such as source code analyzers, vulnerability scanners, configuration validation and similar techniques.

  • Passion for learning about new technologies and emerging security threats.

  • Familiarity with common programming languages (Java, .NET, C/C , etc.)

  • Familiarity with build tools and processes (Jenkins, Bamboo, Ant, TFS/VSTS, Source Control, etc.)

  • Familiarity with bug trackers such as JIRA and Bugzilla

  • Familiarity with IDEs such as VS and Eclipse

  • Familiarity with application security fundamentals (common vulnerabilities, business risk from app vulnerabilities, static vs dynamic testing, etc.)

Preferred Experience and Skills:

  • Demonstrated understanding of Common Vulnerabilities (OWASP Top 10), DAST, SAST, application Security Architecture and Threat Modeling

  • Experience building security within DevOps to ensure applications are secure, while ensuring the needs of the CI/CD are met

  • Have a strong understanding of the Ethical Hacker processes and procedures

  • Able to explain application vulnerabilities to programmers and application owners

  • Proficiency in cloud and mobile security concepts

  • Familiarity with cloud-based tools and platforms (Docker, Azure, AWS, etc.)

  • Ongoing operations of software composition analysis and pen testing capabilities

  • Experience with access management, cyber incidents, security products, and industry standards (e.g. NIST, ISO) preferred

Search Firm Representatives Please Read Carefully:

Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck. No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.

Visa sponsorship is not available for this position.

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Poster at http://www1.eeoc.gov/employers/upload/eeocselfprint_poster.pdf

EEOC GINA Supplement​ at http://www1.eeoc.gov/employers/upload/eeocginasupplement.pdf

Merck is an equal opportunity employer, Minority/Female/Disability/Veteran – proudly embracing diversity in all of its manifestations.

Job Compliance & Risk Management

Merck is an equal opportunity employer, Minority/Female/Disability/Veteran – proudly embracing diversity in all of its manifestations.

Title: Sr. Application Security Engineer

Primary Location: NA-US-NJ-Branchburg

Requisition ID: COM000659