Senior Application Security Engineer

Greater NYC Area | Remote
Sorry, this job was removed at 1:27 p.m. (EST) on Thursday, February 3, 2022

Job Description
Subject to applicable law, all prospective hires will be required to demonstrate that they have been fully vaccinated for COVID-19 or intend to be vaccinated for COVID-19 by November 1, 2021, or qualify for a medical or religious accommodation to this vaccination requirement. Hired candidates who are not vaccinated by November 1, 2021, and who have not been approved for a legally-required medical or religious accommodation will be subject to disciplinary action up to and including termination of employment, in accordance with applicable law.
Our IT team operates as a business partner proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver the services and solutions that help everyone to be more productive and enable innovation.
We are seeking motivated talent interested in solving problems to improve tomorrow by joining a new team focused on Application Security and Software Assurance.
You will:

  • Contribute to the success of the firmwide application security program by working with application development stakeholders and cybersecurity engineers to implement software security controls effectively.
  • Develop secure code guidelines and provide remediation strategies.
  • Perform detailed analysis of results found by application security tools in pre-prod and prod environments, help eliminate false positives, prioritize vulnerabilities, research, and propose remediation steps.
  • Create custom rules for scan engines such as AppScan Source, Fortify or Checkmarx.
  • Define and capture metrics to support security in the software development lifecycle.
  • Act as subject matter expert for application security and manage vulnerability remediation.
  • Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
  • Work with developers and security engineers to continuously improve AppDev security services.
  • Assist with security and compliance projects on an ad-hoc basis.
  • Advocate for security requirements during all phases of the SDLC.


You will work and learn more about:

  • Integration of leading-edge cybersecurity initiatives with application development.
  • Working globally across our market and hub network.
  • How to define meaningful metrics that lead to a reduction in security flaws.
  • Understanding of our business in the healthcare sector.


Education Minimum Requirement:
A Bachelor's Degree is required. Concentration in one of the following fields preferred.

  • Computer Science
  • Cybersecurity
  • Management/Computer Information Systems
  • Information Assurance


Required Experience and Skills:

  • 3+ years of hands-on software development experience with Java/.NET.
  • Expert level understanding of OWASP Top 10, SANS Top 25, SAFECode and other software security taxonomy, guidelines, and best practices.
  • Experience documenting and providing fixes to identified vulnerabilities at the code level (developer friendly).
  • Understanding of secure software development lifecycle process and accompanying technologies.
  • Knowledge of tools and processes used to expose common vulnerabilities and implement countermeasures is expected.
  • Excellent communication skills (written and verbal) and the ability to communicate with all levels of staff and management.
  • Ability to work both independently and perform as a leader in a team environment.


Preferred Experience and Skills:

  • 5+ years of experience in software security and software security vulnerabilities.
  • Experience with penetration testing tools and technologies and application-layer assessment tools, such as local proxies and fuzzers.
  • Experience with threat modeling and security design review methodologies.
  • Ability to perform targeted vulnerability research.
  • Proficiency in cloud and mobile security concepts.
  • Ongoing operations of software composition analysis and pen testing capabilities.
  • Experience with tools such as AppScan Source, Fortify, Veracode, Sonatype or Black Duck.
  • Experience with access management, cyber incidents, security products, and industry standards (e.g., NIST, ISO).
  • Relevant professional certification (e.g., CISSP, CSSLP).


Our Support Functions deliver services and make recommendations about ways to enhance our workplace and the culture of our organization. Our Support Functions include HR, Finance, Information Technology, Legal, Procurement, Administration, Facilities and Security.
Who we are ...
We are known as Merck & Co., Inc., Kenilworth, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world.
What we look for ...
Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us and start making your impact today.
NOTICE FOR INTERNAL APPLICANTS
In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.
If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.
Current Employees apply HERE
Current Contingent Workers apply HERE
US and Puerto Rico Residents Only:
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.
For more information about personal rights under Equal Employment Opportunity, visit:
EEOC Poster
EEOC GINA Supplement
OFCCP EEO Supplement
Pay Transparency Nondiscrimination
We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively. We are an equal opportunity employer, committed to fostering an inclusive and diverse workplace.
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Kenilworth, NJ, USA, also known as Merck Sharp & Dohme Corp., Kenilworth, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
Regular
Relocation:
No relocation
VISA Sponsorship:
No
Travel Requirements:
10%
Flexible Work Arrangements:
Remote Work
Shift:
Valid Driving License:
Hazardous Material(s):
Number of Openings:
1


Technology we use

  • Engineering
    • Languages: C#, C++, Golang, Java, JavaScript, Kotlin, Perl, PHP, Python, R, Ruby, Scala, SQL, Swift, TypeScript
    • Libraries: D3JS, Flux, jQuery, jQuery UI, Modernizr, Parse, React, Redux, Twitter Bootstrap, Zepto
    • Frameworks: ASP.NET, Backbone.js, Caffe, CakePHP, CircleCI, CodeIgniter, Django, Ember.js, Express, Flask, Flex, Hadoop, Jest, JSF, Jupyter, Laravel, Meteor, Node.js, Play, Playwright, Ruby on Rails, Sails.js, Spark, Spring, Symfony, TensorFlow, Theano, Torch, Vue.js, Zend
    • Databases: Access, Cassandra, DB2, FileMaker, HBase, Hive, Informix, MariaDB, Memcached, Microsoft SQL Server, MongoDB, MySQL, Neo4j, Oracle, PostgreSQL, Redis, SAP HANA, Snowflake, SQLite, Teradata

Location

Merck is headquartered in Rahway, NJ, and has 266 office locations across 76 countries.

What are Merck Perks + Benefits

Merck Benefits Overview

Our commitment to you
We promise a Merck experience based on a foundation of…

  • Culture: We are committed to fostering an environment where all colleagues feel welcomed, respected and valued.
  • Responsibility: We are committed to tackling the world’s biggest health challenges by discovering better ways to make a difference in everything we do.
  • Career development: We are committed to encouraging professional career development that aligns to our business strategy.
  • Rewards: We are committed to offering plans, programs and resources that provide you and your family what you need, when you need it.

Culture

  • Volunteer in local community
  • Partners with nonprofits
  • Open door policy
  • OKR operational model
  • Team based strategic planning
  • Open office floor plan
  • Flexible work schedule
  • Remote work program

Diversity

  • Dedicated diversity and inclusion staff
  • Diversity employee resource groups
  • Hiring practices that promote diversity

Health Insurance & Wellness Benefits

  • Flexible Spending Account (FSA)
  • Disability insurance
  • Dental insurance
  • Vision insurance
  • Health insurance
  • Life insurance
  • Pet insurance
  • Wellness programs
  • Mental health benefits

Financial & Retirement

  • 401(K)
  • Performance bonus
  • Charitable contribution matching

Child Care & Parental Leave Benefits

  • Childcare benefits
  • Generous parental leave
  • Family medical leave
  • Adoption Assistance
  • Company sponsored family events

Vacation & Time Off Benefits

  • Generous PTO
  • Paid volunteer time
  • Paid holidays
  • Paid sick days

Office Perks

  • Relocation assistance
  • Fitness stipend
  • Onsite gym

Professional Development Benefits

  • Job training & conferences
  • Tuition reimbursement
  • Promote from within
  • Mentorship program
  • Continuing education available during work hours
  • Online course subscriptions available
