Merck

Associate Director, Cybersecurity Operations

Merck, Rahway, New Jersey, US, 07065


Base pay range: $139,600.00/yr - $219,700.00/yr

The ideal candidate is an experienced incident response analyst with extensive detection development experience across enterprise technologies. Responsibilities include designing, developing and enhancing threat detection capabilities across detection platforms, providing incident response during critical incidents, and mentoring junior analysts. The primary focus is creating and optimizing threat detection use cases, leveraging advanced tools and techniques to identify and mitigate cyber threats in real time. This role collaborates with cross-functional teams to ensure threat detection solutions align with the organization's security strategy. This position may consider remote work approval for the right candidate.

Responsibilities

Design and implement advanced detection architectures across the security landscape, utilizing SIEM, EDR, XDR and cloud security platforms.

Lead development and refinement of complex, high-fidelity detection use cases, custom correlation rules, and detection models tailored to the organization’s risk profile and threat landscape.

Continuously enhance and optimize detection techniques, reducing alert fatigue and improving detection accuracy.

Identify and develop improvement initiatives within the Detection and Response team, implementing best practices and optimizing processes to enhance security capabilities.

Lead investigations into critical incidents, coordinate containment and eradication activities, and ensure recovery aligns with NIST incident response framework principles.

Leverage SOAR platforms to automate triage, enrichment, and response workflows for improved Incident Response efficiency.

Utilize AI-based tools to enhance investigation speed, threat hunting, and reporting accuracy.

Leverage MDR capabilities to enhance detection and response workflows and streamline investigation prioritization.

Use endpoint protection and diagnostic tools (e.g., Microsoft Defender for Endpoint and CrowdStrike) to conduct forensic analysis and validate root causes.

Partner with internal stakeholders, leadership, and external partners to provide situational awareness and actionable recommendations.

Support junior analysts through coaching, technical guidance, and knowledge sharing to build overall Incident Response capability and mature the threat detection posture.

Core Competencies

Expert understanding of attack lifecycles, network telemetry, endpoint data, and adversarial tactics mapped to MITRE ATT&CK.

Proven ability to lead the full incident lifecycle, following NIST best practices from identification through post-incident recovery.

Design and optimize automated response workflows in SOAR tools to reduce response time and analyst fatigue.

Comfortable integrating AI and machine learning tools into investigative processes to improve detection accuracy and reduce false positives.

Understand the business impact of identified threats and align response actions to minimize operational risk.

Proactively evaluate emerging technologies and integrate them into Incident Response operations.

Technical Knowledge & Skills

Experience with SIEM platforms such as Microsoft Sentinel for event correlation and detection engineering.

Strong knowledge of SOAR technologies for orchestration and response automation.

Familiarity with EDR tools such as Microsoft Defender for Endpoint (MDE) and CrowdStrike, and with diagnostic utilities such as the Sysinternals suite.

Working knowledge of AI-powered analysis and automation tools, including agentic AI and Microsoft Copilot.

Understanding of cybersecurity frameworks and standards: NIST incident response guidance (SP 800-61), MITRE ATT&CK, ISO 27001.

Experience with scripting languages including Python and PowerShell.

Strong knowledge of Windows Active Directory and cloud computing architectures.

Experience conducting forensic analysis, log correlation, and root cause investigations.

Strong communication skills to convey findings to technical and non-technical audiences.

Minimum Qualifications

Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).

5+ years of experience in incident response, intrusion detection, or security operations.

Experience developing detection rules, playbooks, and automation workflows.

Demonstrated experience leading complex investigations and coordinating cross-functional response efforts.

Preferred Qualifications

Advanced certifications: GIAC (GCIH, GCFA, etc.).

5+ years of experience in Detection Engineering roles for large organizations.

Hands-on experience with cloud-native security tooling and hybrid SOC environments.

Leadership Expectations

Collaborate across teams; foster an environment where associates thrive and perform well.

Model ethical conduct, transparency, and accountability; ensure compliance with cybersecurity and data privacy standards.

Demonstrate curiosity, adaptability, and a growth mindset; encourage innovation and continuous improvement across IR operations.

Notes: This posting includes references to company-specific policies, hybrid work model, and benefits information. Equal Employment Opportunity statements and legal disclosures are maintained as required.
