Merck Jobs

Job Information

Merck Sr. Director - Offensive Security Operations (Remote - US or Prague) in Rahway, New Jersey

Job Description

We are looking for a Senior Director to lead our Offensive Security Operations team (AKA Red Team), a group of highly skilled and experienced professionals who provide offensive security testing and threat emulation services to our clients. As the Senior Director, you will be responsible for defining the vision, strategy, and roadmap for the Offensive Security Operations capabilities, as well as overseeing the delivery of high-quality and mission-driven security assessments. You will also lead, guide, and train the staff, and promote a culture of creativity, teamwork, and excellence.

Responsibilities:

  • Develop and execute the Offensive Security Operations services strategy, roadmap, and budget, aligning with the overall cybersecurity business objectives and internal customer needs.

  • Lead penetration testing projects, which include network, cloud, wireless, web application, social engineering, and infrastructure penetration testing.

  • Plan and build collaborative testing scenarios with other key stakeholders and partners (Blue and Purple) to improve overall security.

  • Simulate real-world attacks to identify vulnerabilities and potential angles of attack.

  • Oversee the scoping, planning, execution, and reporting of Red Team and Purple Team engagements, ensuring compliance with contractual obligations, ethical guidelines, and legal requirements.

  • Report findings back to the company to help fortify cybersecurity measures.

  • Provide technical leadership and advice to our internal stakeholders on attack and penetration test engagements.

  • Ensure that service delivery is monitored effectively and that identified actions to maintain or improve levels of service are implemented.

  • Ensure that service level agreements are complete and cost-effective across the catalogue of available services.

  • Lead and manage the staff, including hiring, performance management, career development, and retention.

  • Lead offensive efforts such as measuring performance quality, establishing goals and objectives for the team, and planning resources.

  • Ensure the team delivers high-quality and impactful engagements that meet or exceed our company’s expectations aligned to industry standards.

  • Establish and maintain strong relationships with internal and external stakeholders, including senior management, risk officers, product and engineering teams.

  • Stay abreast of the latest trends, technologies, and threats in the cybersecurity domain, and incorporate them into the product line offerings.

  • Establish processes and programs that investigate an organization’s cybersecurity efforts.

  • Review and perform in-depth analysis of test results and oversee reporting that describes findings, exploitation procedures, risks and recommendations.

  • Convey complex technical security concepts to technical and non-technical audiences including executives.

Required Qualifications:

  • Bachelor's Degree or higher in Cybersecurity, Computer Science, Engineering, Information Systems, or related field.

  • Minimum of 5 years of experience in cybersecurity, with at least 3 years of experience in leading and managing Red Team or offensive security teams.

  • Expert knowledge and hands-on experience in various aspects of offensive security, such as penetration testing, vulnerability assessment, exploit development, malware analysis, reverse engineering, and threat intelligence.

  • Strong leadership, communication, and interpersonal skills, with the ability to inspire, motivate, and mentor a diverse and talented team.

  • Excellent customer service, project management, and problem-solving skills, with the ability to deliver high-quality and impactful results under pressure and tight deadlines.

  • Proven track record of developing and executing successful product line strategies, roadmaps, and budgets, and achieving the goals and objectives that drive overall risk reduction.

  • Extensive network and reputation in the cybersecurity industry and community, with the ability to attract and retain top talent and customers.

  • Certifications such as OSCP, OSCE, OSWE, GPEN, GXPN, or equivalent are highly desirable.

  • Strongly prefer US-based candidates to be in EST time zone for collaboration and work purposes.


NOTICE FOR INTERNAL APPLICANTS

In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.

If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.

Employees working in roles that the Company determines require routine collaboration with external stakeholders, such as customer-facing commercial, or research-based roles, will be expected to comply not only with Company policy but also with policies established by such external stakeholders (for example, a requirement to be vaccinated against COVID-19 in order to access a facility or meet with stakeholders). Please understand that, as permitted by applicable law, if you have not been vaccinated against COVID-19 and an essential function of your job is to call on external stakeholders who require vaccination to enter their premises or engage in face-to-face meetings, then your employment may pose an undue burden to business operations, in which case you may not be offered employment, or your employment could be terminated. Please also note that, where permitted by applicable law, the Company reserves the right to require COVID-19 vaccinations for positions, such as in Global Employee Health, where the Company determines in its discretion that the nature of the role presents an increased risk of disease transmission.

Current Employees apply HERE (https://wd5.myworkday.com/msd/d/task/1422$6687.htmld)

Current Contingent Workers apply HERE (https://wd5.myworkday.com/msd/d/task/1422$4020.htmld)

US and Puerto Rico Residents Only:

Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here (https://survey.sogosurvey.com/r/aCdfqL) if you need an accommodation during the application or hiring process.

We are an Equal Opportunity Employer, committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or other applicable legally protected characteristics. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:

EEOC Know Your Rights (https://www.eeoc.gov/sites/default/files/2022-10/22-088_EEOC_KnowYourRights_10_20.pdf)

EEOC GINA Supplement

Pay Transparency Nondiscrimination (https://www.dol.gov/sites/dolgov/files/OFCCP/pdf/pay-transp_%20English_formattedESQA508c.pdf)

We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.

Learn more about your rights, including under California, Colorado and other US State Acts (https://www.msdprivacy.com/us/en/CCPA-notice/)

U.S. Hybrid Work Model

Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work model consisting of three total days on-site per week, generally Tuesday, Wednesday and either Monday or Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.

Under New York State, Colorado State, Washington State, and California State law, the Company is required to provide a reasonable estimate of the salary range for this job. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate’s relevant skills, experience, and education.

Expected salary range:

$181,600.00 - $285,800.00

Available benefits include bonus eligibility, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. For Washington State Jobs, a summary of benefits is listed here (https://www.benefitsatmerck.com/).

Search Firm Representatives Please Read Carefully

Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

Yes

Travel Requirements:

10%

Flexible Work Arrangements:

Hybrid

Shift:

1st - Day

Valid Driving License:

No

Hazardous Material(s):

N/A

Job Posting End Date: 05/18/2024

A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.

Requisition ID: R290145
