Posted:
9/17/2025, 2:20:06 AM
Location(s):
Rahway, New Jersey, United States ⋅ Prague, Czechia ⋅ Prague, Prague, Czechia ⋅ Central Bohemian Region, Czechia ⋅ New Jersey, United States
Experience Level(s):
Senior
Field(s):
IT & Security ⋅ Software Engineering
Workplace Type:
Hybrid
Job Description
As the Product Security Lead Designer, you will play a pivotal role in shaping the security landscape of our organization. Your primary responsibilities will include:
Designing Security Controls: Lead the design and implementation of innovative and robust security controls across various domains (Cloud, AI, DevSecOps, ...), ensuring alignment with industry best practices and regulatory requirements.
Collaborating with Cross-Functional Teams: Work closely with engineering, product management, IT, and other relevant teams to integrate security controls seamlessly into existing and new systems.
Conducting Security Assessments: Perform security assessments and threat modeling to identify potential vulnerabilities and recommend appropriate mitigation strategies.
Developing Security Designs & Patterns: Create and maintain comprehensive security designs that address the unique needs of different projects and initiatives.
Providing Technical Guidance: Serve as a subject matter expert, offering technical guidance and support to engineering teams during the development and deployment of security solutions.
Mentoring and Leadership: Mentor junior team members, fostering a culture of continuous learning and professional development within the security design team.
We are looking for a passionate and skilled security professional with demonstrated experience in at least one of the following domains:
Cloud Security
Hands-on experience with securing workloads and architectures in AWS, Azure, or Google Cloud Platform (GCP)
DevSecOps & Secure Software Development
Practical experience integrating security into the DevOps lifecycle (Secure CI/CD pipeline design, SAST, DAST, SCA)
Infrastructure as Code (IaC) scanning and policy enforcement (e.g., Terraform, CloudFormation)
AI/ML Security
Understanding of AI/ML security risks
Familiarity with AI Security Posture Management (AI-SPM) or relevant AI risk frameworks (e.g., NIST AI RMF, EU AI Act)
Identity and Access Management (IAM)
Knowledge of identity governance, authentication, authorization, role-based access control (RBAC), and federated identity systems (e.g., SAML, OAuth, OIDC)
On top of that, we also expect you to tick the following boxes:
Fast learner with the ability to grasp new security domains and emerging technologies
Skilled in translating complex technical concepts for diverse audiences, including stakeholders and leadership
Proven ability to design security solutions and guide implementation by engineering teams
Strong interpersonal and collaboration skills across global and cross-functional teams
Demonstrated passion for continuous learning and driving product security maturity
Preferred Experience and Skills
Solid understanding of the OWASP Top Ten and best-practice mitigations (e.g., XSS, SQLi, CSRF).
Familiarity with Agile methodologies and secure development practices in iterative environments.
Experience implementing secrets management, key management, and cryptographic controls following industry standards (e.g., NIST, ISO).
Awareness of containerization technologies (Docker, Kubernetes) and associated security risks and hardening techniques.
Working knowledge of networking and web technologies (e.g., TCP/IP, HTTP/HTTPS, TLS, DNS, SSH, REST APIs).
Ability to read and understand code in one or more languages (e.g., Python, Java, JavaScript, .NET) and apply secure coding principles.
Our offer:
The primary location is Czechia; benefits in the US may vary.
Exciting work in a great team, global projects, international environment
Opportunity to learn and grow professionally within the company globally
Hybrid working model, flexible role pattern
Pension and health insurance contributions
Internal reward system plus referral program
5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution
Cafeteria for tax-free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card
Vodafone, Raiffeisen Bank, Foodora, and Mall.cz discount programs
Up-to-date laptop and iPhone
Parking in the garage for drivers or showers for bikers
Competitive salary, incentive pay, and many more
Ready to take up the challenge? Apply now!
Know anybody who might be interested? Refer this job!
The date shown below is the earliest possible closing date for this posting. However, we sometimes extend the job posting period as needed, so please feel free to apply anytime you see the "Apply" button available. You may also reach out to the recruiter directly via https://www.linkedin.com/in/badumtss/
US and Puerto Rico Residents Only:
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.
As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics. As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
We are proud to be a company that embraces the value of bringing together talented and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work model consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.
The salary range for this role is $139,600.00 - $219,700.00.
This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee’s position within the salary range will be based on several factors including, but not limited to relevant education, qualifications, certifications, experience, skills, geographic location, government requirements, and business or organizational needs.
The successful candidate will be eligible for annual bonus and long-term incentive, if applicable.
We offer a comprehensive package of benefits. Available benefits include medical, dental, vision healthcare and other insurance benefits (for employee and family), retirement benefits, including 401(k), paid holidays, vacation, and compassionate and sick days. More information about benefits is available at https://jobs.merck.com/us/en/compensation-and-benefits.
You can apply for this role through https://jobs.merck.com/us/en (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.
San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
Regular
Relocation:
VISA Sponsorship:
Travel Requirements:
Flexible Work Arrangements:
Remote
Shift:
Valid Driving License:
Hazardous Material(s):
Required Skills:
Agile Application Development, Agile Methodology, AWS Architecture, Business, Cloud Governance, Data Loss Prevention (DLP), Design Applications, Dynamic Application Security Testing (DAST), Information Security, Kubernetes, Management Process, OWASP Top 10, Python (Programming Language), Role Based Access Control (RBAC), Security Operations, Security Solutions, SLA Management, Social Collaboration, Software Development, Software Development Life Cycle (SDLC), System Designs, Technical Advice, Vulnerability Scanning
Preferred Skills:
Job Posting End Date:
09/19/2025
*A job posting is effective until 11:59:59 PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Website: https://www.merck.com/
Headquarter Location: Rahway, New Jersey, United States
Employee Count: 10001+
Year Founded: 1891
IPO Status: Public
Last Funding Type: Post-IPO Equity
Industries: Biotechnology ⋅ Health Care ⋅ Medical ⋅ Pharmaceutical