Job Description

We are seeking for Engineering Senior Specialist to design, engineer, and operate enterprise-scale XDR and SIEM platforms across Microsoft and Google security ecosystems. This role operates at the intersection of security platform engineering, detection engineering, and operational resilience, with a clear mandate to improve threat detection quality, response effectiveness, data fidelity, and platform reliability in a global enterprise environment.

The ideal candidate brings deep hands-on engineering expertise, an operations-first mindset, and the ability to collaborate effectively with SOC (CFC), cloud, identity, and infrastructure teams.

Key Responsibilities:

Platform Engineering & Operations

Engineer, operate, and continuously optimize Microsoft Sentinel and Microsoft Defender XDR (Defender for Endpoint, Identity, Office, and Cloud).
Engineer and operate Google Security Operations (Chronicle SIEM) to support high-volume security telemetry ingestion, analytics, and long-term retention.
Design and maintain scalable ingestion architectures, including normalization, enrichment, routing, and retention across hybrid and multi-cloud environments.
Ensure platform reliability, performance, cost awareness, and operational stability.

Detection Engineering & Threat Response Enablement

Support detection tuning activities to reduce false positives, improve signal-to-noise ratio, and align with SOC workflows.
Provide deep platform and data expertise to support incident investigation, threat hunting, and response activities.
Align detection logic with MITRE ATT&CK and threat-informed defense principles.

Data Quality, Telemetry & Observability

Support onboarding, validation, parsing, and ongoing quality monitoring of security telemetry sources.
Partner with application, platform, and infrastructure teams to identify and close logging and visibility gaps.
Establish and enforce data quality standards to ensure reliable detection, investigation, and reporting.
Ensure logging and monitoring practices meet internal security standards and regulatory requirements.

Automation & Continuous Improvement

Implement automation for detection lifecycle management, enrichment, and response orchestration using SOAR and native platform capabilities.
Drive standardization, documentation, and runbook development to improve operational maturity and resiliency.
Contribute to platform roadmaps, reliability improvements, and technical debt reduction initiatives.

Collaboration & Governance

Work closely with CFC/SOC, Cloud Security, Identity, Infrastructure, and Compliance teams.
Support audit and compliance activities, including SOX and regulatory log‑retention requirements.
Provide technical input into onboarding decisions, platform changes, and security architecture reviews.

Required Qualifications:

5+ years of experience in security engineering, detection engineering, or SOC engineering roles.
Strong hands-on experience with Microsoft Sentinel and Microsoft Defender XDR.
Experience with Google Security Operations (Chronicle SIEM) or equivalent large-scale cloud SIEM platforms.
Proficiency in KQL and experience authoring structured detection logic.
Solid understanding of cloud security (Azure and/or GCP), identity, endpoint, and network telemetry.
Experience operating security platforms in large, complex enterprise environments.

**Required Skills: **

Certificate Services, Certificate Services, Cloud Security, Cyber Defense, Cybersecurity, Cybersecurity Analytics, Cybersecurity Operations, Data Quality Control, Delivery of Security Applications, Design Applications, Enterprise Resource Planning (ERP), Identity Access Management (IAM), Incident Investigations, Incident Response, Information Security, Microsoft Azure, Network Segmentation, Operational Technology (OT) Security, Regulatory Requirements, Security Analytics, Security Architecture Design, Security Architecture Review, Security Engineering, SLA Management, System Designs {+ 3 more}

**Preferred Skills: **

Current Employees apply HERE

Current Contingent Workers apply HERE

**Search Firm Representatives Please Read Carefully ** Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

**Employee Status: **

Regular

Relocation:

Domestic

VISA Sponsorship:

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

Hazardous Material(s):

n/a

Job Posting End Date:

05/31/2026

***A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. **

Job Description

Key Responsibilities:

Platform Engineering & Operations

Engineer, operate, and continuously optimize Microsoft Sentinel and Microsoft Defender XDR (Defender for Endpoint, Identity, Office, and Cloud).
Engineer and operate Google Security Operations (Chronicle SIEM) to support high-volume security telemetry ingestion, analytics, and long-term retention.
Design and maintain scalable ingestion architectures, including normalization, enrichment, routing, and retention across hybrid and multi-cloud environments.
Ensure platform reliability, performance, cost awareness, and operational stability.

Detection Engineering & Threat Response Enablement

Support detection tuning activities to reduce false positives, improve signal-to-noise ratio, and align with SOC workflows.
Provide deep platform and data expertise to support incident investigation, threat hunting, and response activities.
Align detection logic with MITRE ATT&CK and threat-informed defense principles.

Data Quality, Telemetry & Observability

Support onboarding, validation, parsing, and ongoing quality monitoring of security telemetry sources.
Partner with application, platform, and infrastructure teams to identify and close logging and visibility gaps.
Establish and enforce data quality standards to ensure reliable detection, investigation, and reporting.
Ensure logging and monitoring practices meet internal security standards and regulatory requirements.

Automation & Continuous Improvement

Implement automation for detection lifecycle management, enrichment, and response orchestration using SOAR and native platform capabilities.
Drive standardization, documentation, and runbook development to improve operational maturity and resiliency.
Contribute to platform roadmaps, reliability improvements, and technical debt reduction initiatives.

Collaboration & Governance

Work closely with CFC/SOC, Cloud Security, Identity, Infrastructure, and Compliance teams.
Support audit and compliance activities, including SOX and regulatory log‑retention requirements.
Provide technical input into onboarding decisions, platform changes, and security architecture reviews.

Required Qualifications:

5+ years of experience in security engineering, detection engineering, or SOC engineering roles.
Strong hands-on experience with Microsoft Sentinel and Microsoft Defender XDR.
Experience with Google Security Operations (Chronicle SIEM) or equivalent large-scale cloud SIEM platforms.
Proficiency in KQL and experience authoring structured detection logic.
Solid understanding of cloud security (Azure and/or GCP), identity, endpoint, and network telemetry.
Experience operating security platforms in large, complex enterprise environments.

**Required Skills: **

**Preferred Skills: **

Current Employees apply HERE

Current Contingent Workers apply HERE

**Employee Status: **

Regular

Relocation:

Domestic

VISA Sponsorship:

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

Hazardous Material(s):

n/a

Job Posting End Date:

05/31/2026

***A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. **

Engineering Senior Specialist

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

Key Responsibilities:

Platform Engineering & Operations

Detection Engineering & Threat Response Enablement

Data Quality, Telemetry & Observability

Automation & Continuous Improvement

Collaboration & Governance

Required Qualifications:

Key Responsibilities:

Platform Engineering & Operations

Detection Engineering & Threat Response Enablement

Data Quality, Telemetry & Observability

Automation & Continuous Improvement

Collaboration & Governance

Required Qualifications: