Sr. Application Security Expert
Merck & Co., Inc., Kenilworth, N.J., U.S.A., known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its legacy for over a century. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.
Merck Manufacturing Division, MMD, is a team of dedicated, energetic individuals who are committed to being the most trusted supplier of pharmaceuticals and health products worldwide. Our facilities, along with our external contractors, suppliers, and partners, comprise an interdependent global manufacturing network that’s committed to delivering a compliant, reliable supply to customers and patients on time, every time, across the globe.
How will you invent the future?
As a Senior Application Security Expert at Merck’s Branchburg IT HUB, you will be part of inventing tomorrow. Our innovative centers are where great people come together and deliver solutions that save and improve lives.
We are seeking motivated talent interested in solving problems to improve tomorrow by joining a new team focused on Application Security and Software Assurance.
- Contribute to the success of the firm-wide application security program by working with application development stakeholders and cyber security engineers to implement software security controls effectively
- Perform detailed analysis of results found by application security tools in pre-prod and prod environments, help eliminate false positives, prioritize vulnerabilities, and research and propose remediation steps
- Act as subject matter expert for application security and manage vulnerability remediation
- Work with developers and security engineers to continuously improve AppDev security services
- Assist with security and compliance projects on an ad-hoc basis
- Define and capture metrics to support security in the software development lifecycle
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness
- Develop secure code guidelines and provide remediation strategies
- Create custom rules for scan engines such as AppScan, Fortify or Checkmarx
- Advocate for security requirements during all phases of the SDLC
You will work and learn more about:
- Integration of leading-edge cybersecurity initiatives with application development
- Working globally across our market and hub network
- How to define meaningful metrics that lead to a reduction in security flaws
Education Minimum Requirement:
- A Bachelor's Degree is required. Concentration in one of the following fields preferred:
  - Computer Science
  - Management/Computer Information Systems
  - Information Assurance
- 5+ years of experience in software security and software security vulnerabilities
- 3+ years of hands-on software development experience with Java/.NET
- Expert-level understanding of OWASP Top 10, SANS Top 25, SAFECode and other software security taxonomies, guidelines and best practices
- Experience documenting and providing fixes to identified vulnerabilities at the code level (developer-friendly)
- Understanding of secure software development lifecycle process and accompanying technologies
- Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected
- Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management
- Ability to work both independently and as a leader in a team environment
Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life.
If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to email@example.com.
Search Firm Representatives Please Read Carefully:
Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck. No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.
Visa sponsorship is not available for this position.
For more information about personal rights under Equal Employment Opportunity, visit:
Job: Compliance & Risk Management
Employee Status: Regular
Travel: Yes, 5% of the Time
Number of Openings: 1
Shift (if applicable):
Company Trade Name: Merck