Cyber Defense Analytics Senior Specialist
EyeBio
Job Description
We are seeking a Cyber Defense Analytics Senior Specialist with deep expertise in Security Orchestration, Automation, and Response (SOAR) and SIEM engineering. This role is pivotal in designing, developing, and advancing automation capabilities within our Microsoft Sentinel ecosystem. The ideal candidate will drive operational efficiency, optimize security incident response, and help mature our SOAR capabilities through engineering excellence.
Key Responsibilities
Design and Implementation: Lead the design, implementation, and enhancement of Microsoft Sentinel SOAR workflows using Azure Logic Apps, Power Automate, and custom APIs.
Subject Matter Expert: Serve as the SOAR engineering subject matter expert, collaborating with SIEM developers and threat detection analysts to deliver scalable, reliable, and context-rich automation solutions.
Tool Development: Develop tools and frameworks to improve the creation, testing, and deployment of automated playbooks and security response pipelines.
Cross-Functional Collaboration: Partner with cross-functional teams to gather use case requirements and integrate them into automation design, ensuring alignment with enterprise risk management priorities.
Technical Integration: Oversee the technical integration of log sources and data enrichment tools critical to automation and alert triage processes.
Backlog Management: Maintain the backlog and roadmap for SOAR use cases and automation capabilities; ensure continuous improvement through retrospectives and stakeholder feedback.
Workflow Maintenance: Ensure robustness and maintainability of automated workflows by applying DevSecOps principles, version control, and automated testing.
Performance Monitoring: Monitor and optimize SOAR solution performance metrics, including mean time to respond (MTTR), automation success rate, and system reliability.
Mentorship: Mentor and coach junior engineers and analysts on SOAR capabilities, coding practices, and Sentinel fundamentals to increase team-wide technical maturity.
Compliance Assurance: Ensure compliance with security governance, SDLC policies, and regulatory standards such as GDPR, PCI, and internal audit frameworks.
Qualifications & Experience
Experience: Minimum 3 years of experience in cybersecurity operations, with a strong focus on SOAR development and engineering.
Technical Expertise: In-depth experience with Microsoft Sentinel and Azure-based SOAR features.
Programming Skills: Proficient in Azure Logic Apps, PowerShell, and Python, particularly for developing automation scripts and REST API integrations.
Data Management: Strong knowledge of Azure Data Explorer (ADX) and familiarity with ETL processes for enrichment and correlation.
Integration Skills: Experience integrating third-party platforms via APIs for enhanced automation (e.g., ServiceNow, Microsoft Defender, Cribl).
Agile Methodologies: Solid understanding of Agile development methodologies, Jira usage, and DevSecOps pipelines.
Problem-Solving: Strong problem-solving skills, with the ability to independently analyze complex security issues and design effective automated responses.
Regulatory Knowledge: Familiarity with data privacy, compliance, and regulatory requirements (PCI, GDPR, HIPAA, etc.).
Preferred Certifications
Microsoft Certified: Security Operations Analyst Associate (Sentinel).
CISSP, CISM, or equivalent certifications.
Microsoft Azure Fundamentals or Security Engineer Associate.
Why Join Us?
Innovative Environment: Be part of a forward-thinking team that values creativity and innovation in cybersecurity.
Professional Growth: Opportunities for continuous learning and professional development.
Impactful Work: Contribute to enhancing our security posture and protecting critical assets.
Application Process
If you are passionate about cybersecurity and meet the qualifications outlined above, we invite you to apply. Please submit your resume and a cover letter detailing your relevant experience and why you would be a great fit for our team.
Current Employees apply HERE
Current Contingent Workers apply HERE
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation: Domestic
VISA Sponsorship: No
Travel Requirements: 25%
Flexible Work Arrangements: Hybrid
Shift: Not Indicated
Valid Driving License: No
Hazardous Material(s): n/a
Required Skills: Agile Application Development, Agile Methodology, Automation Solutions, Azure Logic Apps, Coding Practices, Computer Science, Cyber Defense, Cybersecurity, Data Privacy, Design Applications, Information Security, Internal Auditing, Management Process, Microsoft Azure Administration, Security Compliance, Security Governance, Security Operations, SLA Management, Software Development, Software Development Life Cycle (SDLC), System Designs, Technical Advice, Threat Detection, Vulnerability Scanning
Preferred Skills:
Job Posting End Date: 06/10/2025
*A job posting is effective until 11:59:59 PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.