OT Cyber Security Lead

Job Description

Our IT team operates as a business partner proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver the services and solutions that help everyone to be more productive and enable innovation.

The OT Cyber Security Lead will lead a small team of cyber security professionals while sharing experience to multiple Cyber Security domains such as security event monitoring, threat intelligence, threat hunting, governance, metrics and others.The OT Cyber Security Lead will focus on leading and maturing the OT Security focus within the manufacturing security operations across the company. The successful candidate has a working knowledge of IT cyber security, experience with SIEM solution, an Incident Response process, and is aware of latest threats within industry. The ideal candidate possesses an interest in becoming an industry expert in OT security. The role leverages technical knowledge in multiple disciplines within Infrastructure and Information Security such as assessing threats, hunting and Incident Response. The applicant will be responsible for researching potential impact to the organization, and communicating the risks. The OT Cyber Security Analyst will closely cooperate with various Cyber Fusion Center teams and operational staff on a manufacturing site as examples.

Key Responsibilities:
  • On point with Engineering teams to provide requirements and to assist in the implementation new OT Cyber Security technologies.
  • Provide regular risk briefings to senior management on the findings and develop remediation approaches.
  • Analyze threat intelligence and spread findings to relevant groups.
  • Leadership and process improvement in OT security incident response through all phases.
  • Act as Subject Matter Expert (SME) on OT cyber security related issues.
  • Recommend necessary corrective and preventive actions to reduce the risk.
  • Leadership and process improvements around conducting hunts for Indicators of Compromise (IOC) and APT Tactics, Techniques, and Procedures (TTP).
  • Provide clear and repeatable hunt tactics and techniques to Threat Defense Operation (TDO) team.
  • Performs operational excellence through continuous improvement and automation.
  • Serves as the escalation point for security issues related to OT Cyber Security.
  • Assists in the development and knowledge transfer to CFC team members, as well as other enterprise groups.
  • Establish strong working relationships with manufacturing sites and related personnel to drive recommendations to improve the Cybersecurity posture.

Education Minimum Requirement:
  • A Bachelor's degree in Computer Science, Information Systems or other related field and experience, preferably in a pharmaceutical, biotechnology or other regulated environment OR equivalent experience and/or education.

Required Experience and Skills:
  • At 5-7 years of IT experience, the majority of time spent in the cyber security discipline.
  • Experience related to security technologies such as firewall logs, IDS/IPS, endpoint security solutions, proxies and other related security technologies.
  • Experience related to working in security operations environments, experience with key security operations technologies such as SIEM and log aggregation (e.g., ArcSight, Splunk ES, IBM QRadar etc.).
  • Excellent written and oral communication skills​.
  • Experience with collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources.
  • Experience with cyber, security engineering, security operations, computer network operations, information operations, information warfare, or topical cyber.
  • Demonstrated analytic expertise - to include ability to think critically and logically in a dynamic, high-pressure, fast-paced environment.
  • Experience related to Incident Response (IR), Cyber Threat Intelligence (CTI) and Threat Defense Operation (TDO) functions.
  • Understanding of the NIST Incident Response framework.

Preferred Experience and Skills:
  • Demonstrated experience leading teams.
  • In depth understanding of operating systems, network/system architecture, and IT architecture design.
  • Experience with operational technologies such as Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition (SCADA) software, and Distributed Control Systems (DCS).
  • Understanding of IT and OT network communication protocols (including TCP/IP, UDP, DNP3, Modbus, OPC) and ability to perform packet analysis.
  • Understanding of threats, vulnerabilities, and exploits in ICS environments and appropriate mitigation techniques.
  • Experience with at least one OT Cyber Security Solution (eg. Dragos, Claroty, Nozomi, Indegy, etc.).
  • Exposure and knowledge with Digital Forensics.
  • Exposure and Knowledge with IOT devices and associated architecture.
  • Experience creating Indicators of Compromise from technical sources and/or experience with Snort, YARA, or other detection technologies.
  • Security certifications (e.g. GICSP,GRID, GCIP, Security+, GCIA, GCIH, OSCP, CEH, etc.).

Our Support Functions deliver services and make recommendations about ways to enhance our workplace and the culture of our organization. Our Support Functions include HR, Finance, Information Technology, Legal, Procurement, Administration, Facilities and Security.

Who we are ...

We are known as Merck & Co., Inc., Kenilworth, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world.

What we look for ...

Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today.


In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.

If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.

Current Employees apply HERE

Current Contingent Workers apply HERE

US and Puerto Rico Residents Only:

Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Poster

EEOC GINA Supplement​

OFCCP EEO Supplement

Pay Transparency Nondiscrimination

We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively. We are an equal opportunity employer, committed to fostering an inclusive and diverse workplace.

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Kenilworth, NJ, USA, also known as Merck Sharp & Dohme Corp., Kenilworth, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

No relocation

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:


Valid Driving License:

Hazardous Material(s):

Number of Openings:

Requisition ID:R136453