Senior Application Security Expert

Employer: Merck
Location: Austin, TX, US
Posted: March 21 2018
Discipline: Other
Organization Type: Pharma
Requisition ID: BUS002645

Merck & Co., Inc., Kenilworth, N.J., U.S.A., known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its 125-year legacy. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

Merck’s Information Technology organization partners with colleagues across the business to help serve our patients and customers around the world. Ours is a high energy team of dynamic, innovative individuals dedicated to advancing Merck’s contribution to global medical innovation by leveraging information and technology to efficiently advance the business by driving revenue and productivity.

How will you invent the future?


As a Senior Application Security Expert at Merck’s Austin IT HUB, you will be part of inventing tomorrow. Our innovative centers are where great people come together and deliver solutions that save and improve lives.

 

We are seeking motivated talent interested in solving problems to improve tomorrow by joining a new team focused on Application Security and Software Assurance.

 

You will:

  • Contribute to the success of the firmwide application security program by working with application development stakeholders and cybersecurity engineers to implement software security controls effectively.
  • Perform detailed analysis of results found by application security tools in pre-prod and prod environments, help eliminate false positives, prioritize vulnerabilities, and research and propose remediation steps.
  • Act as subject matter expert for application security and manage vulnerability remediation.
  • Work with developers and security engineers to continuously improve AppDev security services.
  • Assist with security and compliance projects on an ad-hoc basis.
  • Define and capture metrics to support security in the software development lifecycle.
  • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
  • Develop secure code guidelines and provide remediation strategies.
  • Create custom rules for scan engines such as AppScan, Fortify or Checkmarx.
  • Advocate for security requirements during all phases of the SDLC.
 

You will work and learn more about:

  • Integration of leading edge cybersecurity initiatives with application development.
  • Working globally across our market and hub network.
  • How to define meaningful metrics that lead to a reduction in security flaws.
  • Understanding of our business in the healthcare sector.
 

 

Position is in Austin, Texas.

Qualifications

Education:

  • Bachelor's Degree is required.
  • Concentration in one of the following fields preferred.
    • Computer Science
    • Cybersecurity
    • Management/Computer Information Systems
    • Information Assurance
 

Required:

  • Minimum of five years of experience in software security and software security vulnerabilities.
  • Minimum of three years of hands-on software development experience with Java/.NET.
  • Expert level understanding of OWASP Top 10, SANS Top 25, SAFECode and other software security taxonomy, guidelines and best practices.
  • Experience documenting and providing fixes to identified vulnerabilities at the code level (developer friendly).
  • Understanding of secure software development lifecycle process and accompanying technologies.
  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
  • Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management.
  • Ability to work both independently and as a leader in a team environment.
 

Preferred:

  • Experience with penetration testing tools and technologies, application layer assessment tools, such as local proxies and fuzzers.
  • Experience with threat modeling and security design review methodologies.
  • Ability to perform targeted vulnerability research.
  • Proficiency in cloud and mobile security concepts.
  • Ongoing operations of software composition analysis and pen testing capabilities.
  • Experience with tools such as AppScan Source, Fortify, Veracode, Sonatype or Black Duck.
  • Experience with access management, cyber incidents, security products, and industry standards (e.g. NIST, ISO).
  • Relevant professional certification (e.g. CISSP, CSSLP).
 

Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life. 

 

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to staffingaadar@merck.com.

  

Search Firm Representatives Please Read Carefully: 

Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity.  Please, no phone calls or emails.  All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck.  No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.

 

Visa sponsorship is not available for this position.

 

For more information about personal rights under Equal Employment Opportunity, visit:

 

            EEOC Poster

            EEOC GINA Supplement 



Job: Business/Technical Analysis
Other Locations:
Employee Status: Regular
Travel: Yes, 5 % of the Time
Number of Openings:
Shift (if applicable):
Hazardous Materials:
Company Trade Name: Merck
