The Security Specialist – SDLC

Job Description

The Security Specialist – SDLC is responsible for embedding security controls, risk management, and compliance requirements across all phases of the System Development Life Cycle.

This role ensures that applications, systems, and integrations are designed, developed, tested, deployed, and maintained in alignment with corporate security standards, regulatory requirements, and industry best practices.

The position acts as a security partner to development, architecture, infrastructure, and product teams, enabling secure-by-design solutions without hindering delivery velocity. We are looking for a Qualys Security Engineer to join our global Security Operations (Platform Management) team. This role is an opportunity to drive enterprise-level vulnerability detection across a large-scale environment, shaping visibility, stability, and supporting the company’s vulnerability management program.

 

 Key Responsibilities:

• Define, implement, and continuously improve Secure SDLC standards, controls, and guardrails
• Ensure security requirements are integrated into: Requirements & design; Development & build; Testing & validation; Deployment & operations
• Maintain alignment with internal security policies, risk frameworks, and regulatory obligations
• Perform application and system security design reviews
• Third-party and open-source dependencies
• Review findings, assess risk severity
• Document risks and track remediation through the development lifecycle
• Provide security evidence, control mappings, and risk assessments
• Ensure SDLC activities comply with applicable regulations and internal standards
• Act as a trusted security advisor for operational and engineering teams
• Contribute to security awareness for technical teams

 

•  Required Skills & Experience:
• Strong understanding of Secure SDLC principles
• Knowledge of ITIL Framework
• Knowledge of AGILE Framework
• Experience with ITSM and project management tools (SNOW and JIRA)
• Understanding of basic information security principles
• Familiarity with risk assessment and mitigation frameworks
• Ability to translate security requirements into actionable guidance
• Strong communication and stakeholder management skills
• Ability to balance security risk with business and delivery needs
• Analytical mindset with strong documentation skills

 

 Education & Certifications (preferred):

• Bachelor’s degree in Computer Science, Information Security, or related field
• ITIL Foundation v4
• Jira/Service Now/Confluence related certifications
• Experience in large, regulated environments (pharma, finance, manufacturing)
• Exposure to Security Operations/SOC collaboration, threat intel workflows, or cloud-security initiatives

 

 What we offer:

• A hybrid work environment with flexibility
• Competitive salary and benefits package
• Opportunities for professional growth and further training
• A dynamic and supportive team environment, collaborating on the latest in security technologies.

Required Skills:

Availability Management, Change Controls, Incident Management, Infectious Disease, Information Security, Management System Development, Platform Management, Problem Management, Project Management, Quality Assurance (QA), Regulatory Requirements, Risk Management, Security Risk, Security Technologies, Service Delivery, SLA Management, Software Configurations, Software Development Life Cycle (SDLC), Software Project Management, Stakeholder Management, Systems Development Lifecycle (SDLC), Testing

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

No

Hazardous Material(s):

n/a

Job Posting End Date:

04/30/2026

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.