Threat Defense Operations Lead

Date: Jun 16, 2019

Location: Branchburg, NJ, US

Apply now »
Requisition ID: COM000707

Merck & Co., Inc. Kenilworth, N.J., U.S.A. known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its legacy for over a century. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

 The TDO Lead is responsible day-to-day Threat Defense Operations (TDO), including the creation of detection logic tailored to enterprise threat landscape using industry-specific intelligence and developed use cases. Responsible for fostering relationship with Cyber Threat Intelligence as a content provider and Incident Response as a content customer. 

Key Responsibilities:

  • Oversee the day-to-day operations of the TDO team
  • Develop close working partnerships with functional senior leaders to ensure threat intelligence analysis and products are mapped to prioritized corporate assets and risks
  • Respond to high-priority requests for information/hunts from senior stakeholders
  • Develop relationships with CTI and IR to enhance TDO hunt capabilities.
  • Provide quality control over team products; assist with drafting, editing, critiquing, and proofreading threat intelligence estimates, briefs, assessments, and memorandums. 
  • Conduct analytic reviews to foster analytic quality
  • Manage and update Threat Defense Operations Procedures as needed


Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life. 

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to

Education Minimum Requirement: 


Required Experience and Skills: 

  • 3+ years of experience leading high-functioning teams
  • Expert knowledge of network monitoring and network exploitation techniques
  • Experience with common attack vectors, including advanced adversaries (nation state/financial motivation)
  • Knowledge around common web application attacks including SQL injection, cross-site scripting, invalid inputs and forceful browsing
  • Ability to demonstrate analytical expertise, close attention to detail, excellent critical thinking, logic, and solution orientation and to learn and adapt quickly
  • Ability to learn and operate in a dynamic environment
  • Knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
  • Strong written communication skills
  • Required certifications include, Security+, CEH, GCIA, GCIH, CISSP or similar
  • Experience working with cyber security tools and software such as Splunk, Symantec End Point, TrendMicro Antivirus, McAfee Web Gateway, Checkpoint Firewalls, Bluecoat, Sourcefire, Active Directory, or relevant cyber security assets
  • Min 3 years of experience in one or more of the following areas: proactive and reactive hunt techniques, zero-day exploit activities, malware identification
Preferred Experience and Skills:
  • Experience with scripting or programming, including Perl, Python, C, C++, C#, Java, Bash/Shell, or Batch is a plus
  • Experience working in a SOC environment
  • Experience managing or developing detection logic for enterprise SIEM systems
  • Experience with exploitation techniques and use case development
  • Experience with IOC datasets (e.g., YARA, OpenIOC
  • MA/MS in Engineering, Computer Science, Information Security, or Information Systems a Plus
Search Firm Representatives Please Read Carefully: 
Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity.  Please, no phone calls or emails.  All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck.  No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.
Visa sponsorship is not available for this position.
For more information about personal rights under Equal Employment Opportunity, visit:
            EEOC Poster
            EEOC GINA Supplement


Job: Compliance & Risk Management
Other Locations:
Employee Status: Regular
Travel: Yes, 5 % of the Time
Number of Openings: 1
Shift (if applicable):
Hazardous Materials: No
Company Trade Name: Merck

Apply now »