Skip to main content

Cloud Security Engineer

Job Description

Our IT team operates as a business partner proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver the services and solutions that help everyone to be more productive and enable innovation.

Reporting directly to the Director of Cloud Security and Information Protection, IT Risk Management & Security, the Cloud Security Engineer is responsible for conducting software and systems engineering to develop new capabilities, ensuring Information Security is integrated across the cloud environments and corporate enterprise. Conducts comprehensive technology research to evaluate potential vulnerabilities in cloud provider systems. Establishes secure standards, architectures configurations, and best practices to enable our Company to accelerate its digital business initiatives.

.

The role serves as a

  • Technical leader on all cyber matters from best practices to cloud controls covering required security requirements
  • Partner with a team of peers in the Cloud COE, DevOps, and IT Risk Management & Security to ensure ongoing integration of Microsoft O365, Azure, AWS and other cloud platforms into the enterprise security framework

You will: 

  • Define requirements, best practices and enable the collaborative development of system/service architecture, design and engineering
  • Researches and analyzes the latest capabilities of specific Information Security (e.g. Cloud services, encryption, PKI etc.) and IT technologies (e.g. operating systems, containerization, networks, storage, etc.). Develops and maintains knowledge of the our Company’s implementation of these technologies.
  • Collaborate in the development of strategy, governance, and drive best practices for protecting company data
  • Provide technical assistance with design and development of cloud-native architectures that will allow business requirements to be met with a minimal degree of risk to the organization
  • Performing Cloud Security Assessments of Cloud platforms/environments using industry standard frameworks such as CSA, PCI, and NIST
  • Works with Engineering, infrastructure services, and application development organizations to choose appropriate technology solutions
  • Review cloud services and recommend appropriate requirements for secure implementation and monitoring
  • Participate in cross-functional Enterprise Architecture team to align cloud security architecture objectives with Enterprise Architecture
  • Produce architecture diagrams, blueprints and to bring solutions to reality with a DevSecOps mindset & culture.
  • Partner with platform and development teams to assess and close gaps in cloud security posture and data protection across the security disciplines
  • Have constructive, efficient interactions with non-technical stakeholders of all levels
  • Ensure compliance with all requirements applied to cloud services and technology.

Responsibilities:

  • Creates, publishes, and maintains Information Security baselines for specific technologies (e.g. operating systems, databases).
  • Performs investigative research, analysis and troubleshooting on complex security issues.
  • Performs tuning and enhancing of Information Security solutions and technologies recommended by senior team members.
  • Act as a consultant to the business to ensure new products are deployed securely
  • Assist with development of policies, standards and procedures in the cloud
  • Writes code/scripts/automation required to meet team objectives.
  • Designs and develops new tools/technologies as related to Cloud Security.
  • Serves as a resource to team members on escalated issues of an unusual nature.
  • Follows written risk and compliance policies and procedures for business activities.

Qualifications
 

Education Minimum Requirement:

  • Bachelor's degree in Computer Science, Engineering, Management of Information Systems Security, or equivalent professional experience

Required Experience and Skills: 

  • 4 or more years of related experience in Information Security, Cybersecurity/Engineering, or Information Technology to include accountability for complex tasks and/or projects.
  • 2 or more years of related experience in Firewalls, Web Proxies, Web Application Firewall, Intrusion Prevention Systems (IPS/IDS), Windows, Linux, Apple, Security Information and Event Management (SIEM), Security Services for one or more leading cloud providers (AWS, Azure, Google Cloud Platform)
  • Proficient level of business acumen in the areas of business operations, risk management, industry practices and emerging trends

Preferred Experience and Skills:

  • The ideal candidate will have extensive experience in cloud-based development and security management in IaaS, PaaS and SaaS environments.
  • Security Orchestration, Automation, and Response (SOAR) solutions
  • Strong technical skills, which includes experience with Linux and Windows operating systems, scripting languages like Python, and cloud provider ecosystems like Amazon AWS/Microsoft Azure.
  • Protection of both structured and unstructured data via the application of controls based on data classification
  • Experience in the technology and process of vulnerability and security configuration assessment and scanning
  • Experience researching emerging cyber threats to understand and present hacker methods and tactics, system vulnerabilities, and indicators of compromise
  • Familiarity with core security applications and systems to include firewall, networking infrastructure, and anti-malware
  • Experience in system administration scripting and automation
  • Experience in Patch management and application/system configuration
  • Experience in system administration applied to implementing security policies, standards, and procedures across multiple platforms and applications
  • Experience applying security principles, methodologies, and controls to new and emerging technology

Our Support Functions deliver services and makes recommendations about ways to enhance our workplace and the experience of working at our organization. Our Support Functions include HR, Finance, Information Technology, Legal, Procurement, Administration, Facilities and Security. 

Merck & Co., Inc., Kenilworth, New Jersey, USA is known as “Merck” in the United States, Canada & Puerto Rico. We are known as “MSD” in Europe, Middle East, Africa, Latin America & Asia Pacific. We are a global biopharmaceutical leader with a diverse portfolio of prescription medicines, oncology, vaccines and animal health products.

We are driven by our purpose to develop and deliver innovative products that save and improve lives. With 69,000 employees operating in more than 140 countries, we offer state of the art laboratories, plants and offices that are designed to Inspire our employees as we learn, develop and grow in our careers. We are proud of our 125 years of service to humanity and continue to be one of the world’s biggest investors in Research & Development.

What we look for …

In a world of rapid innovation, we seek brave Inventors who want to make an Impact in all aspects of our business, enabling breakthroughs that will affect generations to come. We encourage you to bring your disruptive thinking, collaborative spirit and diverse perspective to our organization. Together we will continue Inventing For Life, Impacting Lives while Inspiring Your Career Growth.

INVENT.

IMPACT.

INSPIRE.

NOTICE FOR INTERNAL APPLICANTS

In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.

If you have been offered a separation benefits package but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.

If you need an accommodation for the application process please email us at staffingaadar@merck.com

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Poster
EEOC GINA Supplement​
OFCCP EEO Supplement

OFCCP Pay Transparency Rule


We are an equal opportunity employer, Minority/Female/Disability/Veteran – proudly embracing diversity in all of its manifestations.

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Kenilworth, NJ, USA, also known as Merck Sharp & Dohme Corp., Kenilworth, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

10%

Flexible Work Arrangements:

Flex Time, Remote Work, Telecommuting

Shift:

1st - Day

Valid Driving License:

Yes

Hazardous Material(s):

Number of Openings:

2

Requisition ID:R34184

Cloud Security Engineer

Austin, TX
Full Time

Published on 01/31/2020