
AI & SaaS Product Security Engineer
Job Description
Role Overview
Join our Strategic Platforms Security & AI Security team, a function at the intersection of AI security initiatives, cloud-native product security, and enterprise SaaS security. We protect the platforms that run global drug development, from AI-powered research tools to enterprise SaaS systems used by thousands of scientists worldwide. As a Specialist, you'll be a hands-on practitioner driving security assessments, AI risk controls implementation, and technical security programs that protect critical platforms across the global footprint of our company. You will work closely with platform owners and senior security leadership to assess and mature security posture across a complex portfolio of SaaS and AI systems.
What will you do in this role:
- Own end-to-end security assessments for enterprise SaaS platforms, from IAM misconfigurations to API exposure
- Collaborate with product teams to enforce SaaS application security best practices, conduct reviews, perform scans and assist in threat modelling to identify and mitigate security risks throughout the development lifecycle.
- Be on the front line of AI security: design guardrails, hunt for prompt injection attacks, and build controls that didn't exist a year ago
- Operate security tooling including AI Guardrails and AI DLP tools
- Maintain and monitor security tools and dashboards, ensuring that applications deployed in our environments adhere to organizational security standards and compliance requirements.
- Create and document security patterns for SaaS and AI Systems.
What should you have:
- 3+ years of experience in cybersecurity, IT, or a closely related field - internships count
- Solid grounding in application or cloud security; hands-on experience with real enterprise environments
- Experience working with enterprise SaaS platforms and their security configurations
- Ability to communicate risk clearly - you can explain a complex finding to an engineer and to a business leader, and know the difference
- Genuine curiosity about AI and generative AI security. You've read about prompt injection, jailbreaks, or model supply chain risks and found yourself wanting to go deeper
- Scripting or automation experience in Python, Bash, or PowerShell - you reach for code when repetitive tasks get in the way
- Familiarity with cloud environments (AWS, Azure, or GCP) and cloud-native security concepts
- Experience with security tools in the ASM, CASB, SAST/DAST, or DLP space is nice to have
- You take ownership of your work and follow through
- Innovative thinking, experimental mindset and fast learner
What we offer
- Exciting work in a great team, global projects, international environment
- Opportunity to learn and grow professionally within the company globally
- Hybrid working model, flexible role pattern
- Competitive salary & incentive pay
- Pension and health insurance contributions
- Internal reward system and referral scheme
- 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution
- Cafeteria for tax free benefits according to your choice (meal vouchers, sport, culture, health, travel, etc.), Multisport Card
- Vodafone, Raiffeisen Bank, Foodora, and discount programmes
- Up-to-date laptop and iPhone
- Parking in the garage, showers, refreshments, massage chairs, library, music corner
Ready to take up the challenge? Apply now!
Know anybody who might be interested? Refer this job!
Required Skills:
Application Security, Certificate Services, Cloud Application Security, Cloud Native Security, Cloud Security, Cybersecurity, Cybersecurity Analytics, Cybersecurity Operations, Delivery of Security Applications, Design Applications, Drug Development, Grounding Equipment, Information Security, Network Segmentation, Operational Technology (OT) Security, PowerShell Scripting, Product Risk Management, Product Security, Security Compliance Assessment, Security Management, SLA Management, Supply Chain Risk Management, Systematic Problem Solving, System Designs {+ 4 more}
Preferred Skills:
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation: No relocation
VISA Sponsorship: No
Travel Requirements: 10%
Flexible Work Arrangements: Hybrid
Shift: 1st - Day
Valid Driving License: No
Hazardous Material(s): n/a
Job Posting End Date: 06/27/2026
*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.