Job Description
Job Description
The Director of Edge Protection is a leadership role responsible for the enterprise-wide strategy, governance, and protection of the company's global domain portfolio and external digital ecosystem. This role ensures the security, resilience, and operational excellence of all public-facing and internal websites, domains, and edge-facing services. The Director partners closely with Legal, Trademarks, Marketing, Corporate Affairs, IT, and Security teams to safeguard corporate assets, support market enablement, and reduce cyber risk.
This leader owns the end-to-end operating model for domain lifecycle management, edge protection, WAF engineering, secure external SDLC, external attack surface management, DDoS readiness, registrar/vendor management, data integrity, and M&A domain integrations. The role brings strong business acumen to balance enterprise risk, financial stewardship, and strategic execution across divisions.
Required Experience
Bachelor's degree in computer science, Cybersecurity, Information Systems, Engineering, or related field.
7+ yearsin IT, cybersecurity, cloud/edge security, or product/application security.
Demonstrated experience withData Loss Prevention (DLP)technologies, including endpoint, email, and web DLP.
Significant experience withDNS, TLS/SSL, CDN, WAF, website security, and external digital asset protection.
Proven leadership indomain portfolio governance, registrar/vendor management, and global domain lifecycle operations.
Experience operating enterprise-scaleExternal Attack Surface Management (EASM)
Experience with Secure Systems Development Lifecycle programs.
Experience collaborating with Legal, Marketing, and Corporate Affairs leadership.
Experience leading global teams or cross-functional security programs.
Required Skills
Deep technical expertise in:
DNS, domain governance, SSL/TLS
CDN/WAF platforms
Public cloud hosting patterns (AWS preferred)
Website security, OWASP Top 10, CI/CD pipeline integration
EASM, bug bounty workflows, and external threat analysis
DLP policies, monitoring, and tuning
Strong executive communication and stakeholder alignment capabilities.
Ability to translate complex cyber risk into actionable business decisions.
Strong financial management skills, including budgeting and vendor negotiation.
Preferred Skills-
Master's degree preferred
Required Skills:
Accountability, Accountability, Application Security, Applied Engineering, Attack Surface Analysis, Business Decisions, Client Relationship Building, Communication, Conflict Resolution, Cybersecurity Risk Management, Data Integrity, Data Loss Prevention (DLP), Executive Communications, Financial Acumen, Financial Management, IT Security Operations, Leadership, Operational Technology (OT) Security, Persuasion, Security Operations, SLA Management, Stakeholder Communications, Strategic Planning, Team Leadership, Technical Advice {+ 1 more}Preferred Skills:
Current Employees apply HERE
Current Contingent Workers apply HERE
US and Puerto Rico Residents Only:
As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics.As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
We are proud to be a company that embraces the value of bringing together, talented, and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively.
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as "remote".
San Francisco Residents Only:We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
Los Angeles Residents Only:We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
RegularRelocation:
No relocationVISA Sponsorship:
NoTravel Requirements:
25%Flexible Work Arrangements:
Not ApplicableShift:
1st - DayValid Driving License:
NoHazardous Material(s):
N/aJob Posting End Date:
02/17/2026*A job posting is effective until 11:59:59PM on the day BEFOREthe listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Requisition ID:R384359
Job Description
The Director of Edge Protection is a leadership role responsible for the enterprise-wide strategy, governance, and protection of the company's global domain portfolio and external digital ecosystem. This role ensures the security, resilience, and operational excellence of all public-facing and internal websites, domains, and edge-facing services. The Director partners closely with Legal, Trademarks, Marketing, Corporate Affairs, IT, and Security teams to safeguard corporate assets, support market enablement, and reduce cyber risk.
This leader owns the end-to-end operating model for domain lifecycle management, edge protection, WAF engineering, secure external SDLC, external attack surface management, DDoS readiness, registrar/vendor management, data integrity, and M&A domain integrations. The role brings strong business acumen to balance enterprise risk, financial stewardship, and strategic execution across divisions.
Required Experience
Bachelor's degree in computer science, Cybersecurity, Information Systems, Engineering, or related field.
7+ yearsin IT, cybersecurity, cloud/edge security, or product/application security.
Demonstrated experience withData Loss Prevention (DLP)technologies, including endpoint, email, and web DLP.
Significant experience withDNS, TLS/SSL, CDN, WAF, website security, and external digital asset protection.
Proven leadership indomain portfolio governance, registrar/vendor management, and global domain lifecycle operations.
Experience operating enterprise-scaleExternal Attack Surface Management (EASM)
Experience with Secure Systems Development Lifecycle programs.
Experience collaborating with Legal, Marketing, and Corporate Affairs leadership.
Experience leading global teams or cross-functional security programs.
Required Skills
Deep technical expertise in:
DNS, domain governance, SSL/TLS
CDN/WAF platforms
Public cloud hosting patterns (AWS preferred)
Website security, OWASP Top 10, CI/CD pipeline integration
EASM, bug bounty workflows, and external threat analysis
DLP policies, monitoring, and tuning
Strong executive communication and stakeholder alignment capabilities.
Ability to translate complex cyber risk into actionable business decisions.
Strong financial management skills, including budgeting and vendor negotiation.
Preferred Skills-
Master's degree preferred
Required Skills:
Accountability, Accountability, Application Security, Applied Engineering, Attack Surface Analysis, Business Decisions, Client Relationship Building, Communication, Conflict Resolution, Cybersecurity Risk Management, Data Integrity, Data Loss Prevention (DLP), Executive Communications, Financial Acumen, Financial Management, IT Security Operations, Leadership, Operational Technology (OT) Security, Persuasion, Security Operations, SLA Management, Stakeholder Communications, Strategic Planning, Team Leadership, Technical Advice {+ 1 more}Preferred Skills:
Current Employees apply HERE
Current Contingent Workers apply HERE
US and Puerto Rico Residents Only:
As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics.As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
We are proud to be a company that embraces the value of bringing together, talented, and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively.
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as "remote".
San Francisco Residents Only:We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
Los Angeles Residents Only:We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles' Fair Chance Initiative for Hiring Ordinance
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
RegularRelocation:
No relocationVISA Sponsorship:
NoTravel Requirements:
25%Flexible Work Arrangements:
Not ApplicableShift:
1st - DayValid Driving License:
NoHazardous Material(s):
N/aJob Posting End Date:
02/17/2026*A job posting is effective until 11:59:59PM on the day BEFOREthe listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Requisition ID:R384359
About Merck
At Merck, known as MSD outside of the United States and Canada, we are unified around our purpose: We use the power of leading-edge science to save and improve lives around the world. For more than 130 years, we have brought hope to humanity through the development of important medicines and vaccines. We aspire to be the premier research-intensive biopharmaceutical company in the world – and today, we are at the forefront of research to deliver innovative health solutions that advance the prevention and treatment of diseases in people and animals. We foster a diverse and inclusive global workforce and operate responsibly every day to enable a safe, sustainable and healthy future for all people and communities.
