Redteam / Pentesting / Cyber Analyst
Branchburg, New Jersey, United States of America
Our IT team operates as a business partner proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver the services and solutions that help everyone to be more productive and enable innovation.
This position is responsible to plan and execute penetration / redteam tasks. This includes maintaining an arsenal of tools, maintenance of testing platforms as well as strong collaboration with those teams that have to address the remediation. They will operate with limited direct oversight and remote supervision and must be capable of adhering to strict rules of engagement and ethical cyber operational behavior. The Analyst may be required to assist drafting key stakeholder reports and or presenting status information to a technical and non-technical audience.
- Plan and execute Red Team and Purple Team operations with the latest red teaming methods and activities, including Cyber security, business continuity management, 3rd party vendors, physical security, and personnel security
- Provide Cyber security technical testing services, including network or application penetration test and vulnerability assessment through in-depth technical analysis and exploitation of vulnerabilities.
- Provide regular risk briefings on the findings from red team operations and develop remediation approaches and recommendations to improve the posture
- The position may require occasional travel to other countries.
Education Minimum Requirement:
- BA or BS degree in IT, Information Security, Computer Engineering, EE, or Electronic Engineering or 5 years of experience in information security
Required Experience and Skills:
- 2-4 years of experience in Cyber security and performing Redteam / Purpleteam operations
- Experience with analyzing and incorporating log information with other relevant data sources and integrating computer network attack analyses with threat intelligence data sources
- Knowledge of the latest Cyber security tools and vulnerabilities
- Ability to automate through the development and deployment of custom scripts, shellcode, and applications
- Ability to emulate the latest tactics, techniques, and procedures learnt from adversarial activities to the engagement
- Ability to circumvent incident detection and response processes when conducting red team operations
- Good written and oral communication skills
Preferred Experience and Skills:
- Security certifications (e.g. Security+, GCIA, GCIH, CISSP, CEH, etc.)
- OSCP or CREST Certification, Familiar with KALI, Metasploit, Cobalt Strike
- Experience with emerging computer or online technologies, online social behaviors, and Internet slang
- Experience with applying Cyber threat intelligence research and analysis to incident analysis
- Knowledge of network security technologies, log formats, SIEM technologies, and security operations
- Knowledge of malware assembly and obfuscation techniques
Our Support Functions deliver services and makes recommendations about ways to enhance our workplace and the experience of working at our organization. Our Support Functions include HR, Finance, Information Technology, Legal, Procurement, Administration, Facilities and Security.
Merck & Co., Inc., Kenilworth, New Jersey, USA is known as “Merck” in the United States, Canada & Puerto Rico. We are known as “MSD” in Europe, Middle East, Africa, Latin America & Asia Pacific. We are a global biopharmaceutical leader with a diverse portfolio of prescription medicines, oncology, vaccines and animal health products.
We are driven by our purpose to develop and deliver innovative products that save and improve lives. With 69,000 employees operating in more than 140 countries, we offer state of the art laboratories, plants and offices that are designed to Inspire our employees as we learn, develop and grow in our careers. We are proud of our 125 years of service to humanity and continue to be one of the world’s biggest investors in Research & Development.
What we look for …
In a world of rapid innovation, we seek brave Inventors who want to make an Impact in all aspects of our business, enabling breakthroughs that will affect generations to come. We encourage you to bring your disruptive thinking, collaborative spirit and diverse perspective to our organization. Together we will continue Inventing For Life, Impacting Lives while Inspiring Your Career Growth.
NOTICE FOR INTERNAL APPLICANTS
In accordance with Managers’ Policy – Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.
If you have been offered a separation benefits package but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.
US and Puerto Rico Residents Only
If you need an accommodation for the application process please email us at firstname.lastname@example.org
For more information about personal rights under Equal Employment Opportunity, visit:
We are an equal opportunity employer, Minority/Female/Disability/Veteran – proudly embracing diversity in all of its manifestations.
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Kenilworth, NJ, USA, also known as Merck Sharp & Dohme Corp., Kenilworth, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Flexible Work Arrangements:Flex Time
Valid Driving License:No
Number of Openings: 1
Do You Need Additional Cyber Security Training?
Try these online classes:
- IBM Data Science Professional Certificate by IBM
- Java Programming and Software Engineering Fundamentals Duke University
- Cloud Computing by University of Illinois
- Data Mining by University of Illinois
- Applied Data Science with Python by University of Michigan
- Data in Database by Arizona State University
- Excel Skills for Business by Macquarie University
- Financial Management by University of Illinois
- Financial Reporting by University of Illinois