Senior Application Security Engineer

Employer: Merck
Location: Austin, TX, US
Posted: March 21 2018
Organization Type: Pharma
Requisition ID: ENG003762

Merck & Co., Inc., Kenilworth, N.J., U.S.A., known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its 125-year legacy. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

Merck’s Information Technology organization partners with colleagues across the business to help serve our patients and customers around the world. Ours is a high energy team of dynamic, innovative individuals dedicated to advancing Merck’s contribution to global medical innovation by leveraging information and technology to efficiently advance the business by driving revenue and productivity.

 

How will you invent the future?


As a Senior Application Security Engineer at Merck’s Austin IT HUB, you will be part of inventing tomorrow. Our innovative centers are where great people come together and deliver solutions that save and improve lives.


We are seeking motivated talent interested in solving problems to improve tomorrow by joining a new team focused on Application Security and Software Assurance.


You will:

  • Contribute to the success of the firmwide application security program by leading the engineering and introduction of new security services for application development. This position is responsible for integration and automation of application security testing into the firm’s standard SDLC.
  • Design, analyze, develop and/or deliver application security products and services to secure the SDLC.
  • Ensure stability and resiliency of application security products and services.
  • Drive the testing and deployment of scanning tools across various CI environments.
  • Provide L1/L2 support to developers and coordinate with tool vendors to file bugs, enhancement requests, etc.
  • Implement custom rules for scan engines such as AppScan, Fortify or Checkmarx.
  • Contribute technical input to management during proof-of-concept reviews of new security products.
  • Develop a familiarity with new tools and best practices and assist with the integration of these toolsets with the enterprise.
  • Define and capture metrics from multiple sources across varying technology environments to support security in the software development lifecycle.
  • Recommend and implement security solutions to mitigate or close application vulnerabilities.
 

You will work and learn more about:

  • Integration of leading edge cybersecurity initiatives with application development.
  • Working globally across our market and hub network.
  • How to define meaningful metrics that lead to a reduction in security flaws.
  • Acquiring a deep understanding and knowledge of business processes by working with the development team.

Position is in Austin, Texas.

Qualifications

Education:

  • A Bachelor's Degree is required.
  • Concentration in one of the following fields preferred:
    • Computer Science
    • Cybersecurity
    • Management/Computer Information Systems
    • Information Assurance
 

Required:

  • Minimum of five (5) years of Information Security Experience.
  • Minimum of three (3) years of operational implementation and use of application security assessment tools, e.g. AppScan, Fortify, Black Duck or similar scanning tools.
  • Experience with hands-on security testing of applications to proactively discover risk and track to resolution.
  • Solid foundation in application security practices and methodologies, including Continuous Integration/Delivery.
  • Scripting knowledge (e.g. Python, shell scripting, JavaScript).
  • Ability to scale security within the SDLC by automating using tool sets such as source code analyzers, vulnerability scanners, configuration validation and similar techniques.
  • Passion for learning about new technologies and emerging security threats.
  • Familiarity with common programming languages (Java, .NET, C/C++, etc.).
  • Familiarity with build tools and processes (Jenkins, Bamboo, Ant, TFS/VSTS, Source Control, etc.).
  • Familiarity with bug trackers such as JIRA and Bugzilla.
  • Familiarity with IDEs such as VS and Eclipse.
  • Familiarity with application security fundamentals (common vulnerabilities, business risk from app vulnerabilities, static vs dynamic testing, etc.).
 

Preferred:

  • Demonstrated understanding of Common Vulnerabilities (OWASP Top 10), DAST, SAST, Application Security Architecture and Threat Modeling.
  • Experience building security within DevOps to ensure applications are secure, while ensuring the needs of CI/CD are met.
  • Strong understanding of Ethical Hacker processes and procedures.
  • Able to explain application vulnerabilities to programmers and application owners.
  • Proficiency in cloud and mobile security concepts.
  • Familiarity with cloud-based tools and platforms (Docker, Azure, AWS, etc.).
  • Ongoing operations of software composition analysis and pen testing capabilities.
  • Experience with access management, cyber incidents, security products, and industry standards (e.g. NIST, ISO) preferred.
 

Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life. 

 

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to staffingaadar@merck.com.

  

Search Firm Representatives Please Read Carefully: 

Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity.  Please, no phone calls or emails.  All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck.  No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.

 

Visa sponsorship is not available for this position.

 

For more information about personal rights under Equal Employment Opportunity, visit:

 

  • EEOC Poster
  • EEOC GINA Supplement



Job: Engineering, Development & Integration
Employee Status: Regular
Travel: Yes, 5 % of the Time
Company Trade Name: Merck
