Job Description

The Cyber Defense AI & Automation team are seeking a Cybersecurity AI Engineer to design and implement AI-driven automation that transforms how we defend the enterprise. This role focuses on building security-aware AI agents and automated workflows that integrate across cloud, identity, endpoint, and network security platforms. You will use Azure Data Explorer (ADX) as the central telemetry layer to power AI reasoning and safe, autonomous security outcomes.

You will partner closely with data scientists, platform engineers, and automation developers to convert raw telemetry into decision-ready insights, and to engineer scalable, explainable AI systems with enforcement guardrails.

Responsibilities

• Design and deploy AI agents in Azure AI Foundry and Copilot Studio, backed by ADX telemetry.
• Build and operationalize security automations using Logic Apps, APIs, and cloud-native integrations.
• Translate ADX telemetry into enriched case packages that drive AI reasoning and decision-making.
• Develop analyst-facing experiences (Teams cards, Copilot interactions) with confidence scoring and clear rationale.
• Integrate AI-driven outputs with security control platforms for automated enforcement across cloud, identity, endpoint, and network.
• Implement guardrails including kill switches, dry-run modes, and time-limited actions.
• Ensure observability with audit logs, dashboards, and feedback loops.
• Collaborate across cybersecurity domains to embed AI and automation into enterprise defense.

Qualifications

Required

• Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field.
• 5+ years in cybersecurity engineering, automation, or applied AI.
• Proficiency with KQL and hands-on experience working with ADX telemetry.
• Experience building automations with Logic Apps, APIs, and JSON pipelines.
• Strong understanding of enterprise security domains (endpoint, identity, cloud, network).
• Ability to explain AI-driven recommendations to both technical and non-technical audiences.

Preferred

• Experience with Azure AI Foundry / AI Studio and Copilot Studio.
• Familiarity with APIs from security control platforms.
• Exposure to threat intelligence integration and enrichment pipelines.
• Knowledge of explainable AI (XAI) in security contexts.
• Background in SOAR-style workflows.

What Success Looks Like

• Delivery of scalable, production-ready AI agents and automations powered by ADX.
• Demonstrated reduction in manual analyst workload and security noise.
• Established reusable frameworks for AI and automation across multiple domains.
• Trusted AI outcomes that improve both analyst experience and enterprise defense posture.

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

No

Hazardous Material(s):

n/a

Required Skills:

Certificate Services, Cloud Security, Cybersecurity, Cybersecurity Analytics, Cybersecurity Operations, Information Security, Security Analytics

Preferred Skills:

Job Posting End Date:

10/17/2025

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.