Director, Cybersecurity Engineering

Merck
Philadelphia, PA
$156,900 - $247,000
Hybrid

About The Position

The Commercial Technologies Operational Security Lead is a Director role responsible for ensuring the security, resilience, and operational integrity of customer‑facing technology solutions, including software, platforms, and integrated hardware offerings. This role provides hands‑on leadership and subject matter expertise across vulnerability research, security engineering, product security, and operational assurance for technologies delivered to external customers. The individual will partner closely with product, engineering, cloud, and commercial technology teams to ensure security controls are designed, implemented, validated, and continuously improved throughout the product lifecycle. This role plays a critical part in enabling secure innovation, protecting customer trust, and ensuring solutions meet regulatory, contractual, and risk expectations in a highly regulated environment.

Requirements

  • Bachelor’s degree in Computer Science, Engineering, Information Security, or a related field.
  • Strong experience in vulnerability research, vulnerability management operations, and remediation validation.
  • Hands‑on experience with security engineering and product security for software‑based and integrated hardware solutions.
  • Solid understanding of security architecture principles for cloud, virtualized, containerized, and hybrid environments.
  • Experience securing APIs, web applications, SaaS platforms, and distributed systems.
  • Familiarity with DevSecOps practices, CI/CD pipelines, and security automation tooling.
  • Working knowledge of cryptography, identity and access management, and secure communications.
  • Experience supporting customer‑facing technologies where security, availability, and trust are business‑critical.
  • Ability to assess operational risk and translate findings into actionable remediation plans.
  • Experience supporting audits, customer security reviews, and regulatory expectations.
  • 10+ years of experience in cybersecurity, product security, security engineering, or related technical disciplines.
  • Demonstrated ability to operate as a leader, influencing outcomes through expertise rather than formal authority.
  • Proven ability to work effectively across engineering, product, cloud, and business teams.
  • Strong communication skills with the ability to explain complex security concepts to technical and non‑technical stakeholders.
  • Ability to balance security rigor with business enablement and product delivery timelines.

Nice To Haves

  • Advanced degree or relevant security certifications preferred.
  • CISSP, CSSLP, GWAPT, OSCP, or equivalent security certifications.
  • Familiarity with NIST, ISO 27001, OWASP, and secure development lifecycle (SDLC) frameworks.
  • Experience with major cloud platforms (AWS, Azure, GCP) and infrastructure‑as‑code tooling.
  • Experience leveraging automation to scale security controls and operational assurance.

Responsibilities

  • Provide security oversight and operational assurance for customer‑facing software and hardware technology solutions across development, deployment, and runtime operations.
  • Define, assess, and validate security controls for commercial technology platforms, ensuring alignment with enterprise security standards, regulatory requirements, and customer expectations.
  • Lead vulnerability research, analysis, and operational response across applications, platforms, infrastructure, and embedded technologies.
  • Partner with engineering and product teams to integrate security into architecture, design, and development processes using secure‑by‑design and shift‑left principles.
  • Support product security activities including threat modeling, secure design reviews, penetration testing coordination, and remediation validation.
  • Provide security architecture guidance for virtualized, cloud‑native, hybrid, and containerized environments supporting customer solutions.
  • Oversee vulnerability management operations for commercial technologies, including scanning, prioritization, remediation tracking, and risk acceptance.
  • Collaborate with DevSecOps teams to drive automation of security testing, control validation, and continuous monitoring.
  • Ensure security requirements are embedded into CI/CD pipelines and product release processes.
  • Act as a key liaison between commercial technology teams, enterprise security, risk management, and compliance functions.
  • Support customer assurance activities, including security questionnaires, audits, attestations, and incident response coordination.
  • Contribute to incident response and root cause analysis for security events impacting customer‑facing technologies.
  • Identify gaps, emerging risks, and improvement opportunities across product and operational security capabilities.
  • Promote security best practices, standards, and operational maturity across commercial technology portfolios.

Benefits

  • medical, dental, vision healthcare and other insurance benefits (for employee and family)
  • retirement benefits, including 401(k)
  • paid holidays, vacation, and compassionate and sick days