Cyber Attack Surface Reduction Lead

Date: Apr 19, 2019

Location: Branchburg, NJ, US

Requisition ID: COM000715

Merck & Co., Inc., Kenilworth, N.J., U.S.A., known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its legacy for over a century. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

Leads the day-to-day operations of the Attack Surface Reduction (ASR) team and serves as the point of contact across the CFC for all needs relating to the ASR function. Coordinates, monitors and supports activities in the areas of vulnerability scanning across internal infrastructure and external web and mobile applications, as well as security patch and remediation management. Provides input to, and helps prepare and update, the ASR road map; develops, maintains and publishes project plans; and prepares and provides detailed reports.

Key Responsibilities:

  • Oversee the day-to-day operations of the ASR team
  • Develop close working partnerships with functional senior leaders to ensure Penetration Testers have the support, products, and permissions they need to accomplish their mission
  • Provide quality control over team products; assist with drafting, editing, critiquing, and proofreading vulnerability management playbooks, policies, and reports
  • Maintain ongoing development of current threat intelligence and vulnerability analysis, with in-depth knowledge of identification, mitigation, and recovery strategies

Education Minimum Requirement:
  • BA/BS in Engineering, Computer Science, Information Security, or Information Systems, or 8-10 years of computer and network security experience
Required Experience and Skills: 
  • 3+ years of leading a team
  • Experience with designing and implementing Attack Surface Reduction strategies
  • Experience with leading a team responsible for performing compliance scans, analyzing configurations, as well as recommending hardening configuration settings for networks, operating systems, applications, databases, and other information system components
  • Detailed knowledge of TCP/IP communications, common protocols, and applications at the network level
  • Demonstrated analytic expertise – to include ability to think critically and logically in a dynamic, high-pressure, fast-paced environment
  • Excellent oral and written communication skills
Preferred Experience and Skills:
  • Experience leading a security team in an enterprise environment
  • Experience working with platform owners to resolve vulnerability and configuration issues
  • Experience managing and tracking vulnerability cases
  • Experience with Microsoft, OS X, and Unix-based operating systems
  • Experience supporting network investigations
  • Experience in scripting with Perl, Shell, Python, or a similar high-level programming language
  • Experience with enterprise full packet capture solutions
  • Network or Engineering Certification, including Network+, MCSE, or CCNA
  • Preferred certifications include Security+, CEH, GCIA, GCIH, CISSP or a similar certification
Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life. 

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to
Search Firm Representatives Please Read Carefully: 
Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity.  Please, no phone calls or emails.  All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck.  No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.
Visa sponsorship is not available for this position.
For more information about personal rights under Equal Employment Opportunity, visit:
            EEOC Poster
            EEOC GINA Supplement


Job: Compliance & Risk Management
Other Locations:
Employee Status: Regular
Travel: Yes, 5 % of the Time
Number of Openings: 1
Shift (if applicable): 1st
Hazardous Materials: No
Company Trade Name: Merck
