Associate Director, Cyber Detection and Response
SGP - Singapore - Singapore (MYP Centre WeWork)
MSD
At MSD, we're following the science to tackle some of the world's greatest health threats. Get a glimpse of how we work to improve lives.
Job Description
Job Title: Associate Director, Cyber Detection and Response
We are seeking a highly skilled and motivated Regional Lead for our SOC and Incident Response teams within our Cyber Fusion Center. This role offers the opportunity to enhance our cyber threat detection and response processes and technologies, ensuring the protection of our critical assets and data. Collaboration is key in this position, as you will work closely with the Global Technical Lead, the Service Line Lead, and other Regional Cyber Fusion Center Leads to drive effective strategies and solutions. While this is a management position, we expect managers to be expert practitioners, able to lead by example, contribute at the highest level, and assess work based on their own professional experience and skill. Candidates should have deep, hands-on expertise with a range of security tooling and practices, which they can integrate into a holistic next-generation security solution to detect Advanced Persistent Threat groups.
Responsibilities:
Run the company's SOC and Incident Response functions during Asia Pacific business hours.
Lead, coach, mentor, and develop a team of outstanding technical security professionals.
Own and lead investigations into complex cyber incidents and advanced threats.
Provide expert technical advice to SOC and IR analysts, enhancing their effectiveness in managing cybersecurity incidents.
Develop and engineer threat detection logic to detect complex threat actor behaviors.
Identify opportunities for workflow automation within incident analysis procedures.
Ensure comprehensive technical incident documentation is accurately followed for each incident.
Suggest improvements to SOC and Incident Response processes.
Act as Deputy Cyber Fusion Center Regional Lead.
Qualifications:
Ability to effectively lead technical teams, fostering collaboration and innovation within incident response functions.
Robust background in incident response and cybersecurity, with hands-on experience in real-world scenarios.
Ability to lead effectively during high-pressure situations, managing crises and coordinating response efforts.
Aptitude for providing expert technical advice and constructive feedback to SOC and IR analysts.
Solid knowledge of frameworks such as NIST, SANS, and MITRE ATT&CK to guide incident response best practices.
Experience presenting incident response findings and conducting training sessions for SOC and IR teams to enhance their capabilities.
Proficient with threat intelligence consumption to drive operational improvements.
Strong grasp of common operating systems, security technologies, and networking components.
Exceptional documentation skills for maintaining comprehensive records of incidents, including actions taken and outcomes.
Familiarity with AWS, Azure cloud environments, MDR services, and SIEM solutions.
Nice to have:
Possession of advanced technical certifications (e.g., GIAC, OSCP).
Knowledge of programming languages such as Python, PowerShell, or Bash.
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation:
VISA Sponsorship:
Travel Requirements:
Flexible Work Arrangements: Hybrid
Shift:
Valid Driving License:
Hazardous Material(s):
Required Skills:
Ability to Work Under Pressure, Computer Science, Crisis Management, Crisis Response, Cybersecurity, Cybersecurity Risk Management, Cyber Threat Intelligence, Cyber Threat Prevention, Digital Forensics, Incident Management, Operating Systems (OS), Penetration Testing, Power Shell Scripting, Programming Languages, Python (Programming Language), Security Operations, Security Technologies, SLA Management, Threat Detection, Vulnerability Scanning, Workflow Automation
Preferred Skills:
Job Posting End Date:
07/17/2025
*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Tags: Automation AWS Azure Bash Cloud Computer Science Forensics GIAC Incident response MITRE ATT&CK NIST OSCP Pentesting PowerShell Python Risk management SANS Scripting SIEM SOC Threat detection Threat intelligence
Perks/benefits: Flex hours Relocation support