Oracle
Job Description
Principal Security Engineer (OCI)
At Oracle Cloud Infrastructure (OCI), we build the future of the cloud for enterprises. We act with the speed and attitude of a start-up, combined with the scale and customer focus of the leading enterprise software company in the world.
About the Team
The Enterprise Engineering team is responsible for ensuring the security and compliance of internal systems by performing regular audits, identifying gaps in existing standards, and actively enhancing the organization’s overall security framework using automation. We are an internal security and compliance team tasked with maintaining the security of all systems and ensuring compliance with various security frameworks. Our responsibilities include performing continuous compliance assessments to ensure all systems meet required security standards and are effectively protected.
Ideal Candidate
The candidate is expected to be in Oracle’s Nashville office – 5 days/week.
This role supports the strengthening of Oracle’s security posture, focusing on one or more of the following areas: regulatory compliance, risk management, Zero Trust Network Access (ZTNA), security policy development and enforcement, and Threat and Vulnerability Management.
Regulatory Compliance: Manage programs that establish, document, and track compliance with industry and government standards and regulations (e.g., ISO 27001, PCI-DSS, HIPAA, FedRAMP, CMMC, GDPR, etc.).
Risk Management: Assess information security risks in complex environments and help implement security solutions and programs.
Cloud Security: Knowledge of cloud security principles and best practices across platforms; OCI experience is a plus.
Network Security: Knowledge of network security, firewalls, VPNs, IDS/IPS, and network segmentation; Zero Trust experience is a plus.
Threat and Vulnerability Management: Research, evaluate, and manage information security threats and vulnerabilities.
Mentoring: Mentors and trains other team members.
Reporting: Compiles and presents security and compliance reports to management.
Career Level – IC4
Responsibilities
Develop and manage information security governance, including policies, procedures, standards, baselines, and guidelines to ensure secure operation of information systems.
Build application security framework review processes (e.g., OWASP Top 10) to identify vulnerabilities.
Design secure system architectures in the cloud, incorporating zero-trust models, network segmentation, and access control.
Monitor network traffic and security events to detect and respond to threats.
Conduct regular vulnerability assessments and penetration tests on network and cloud infrastructure.
Support configuration and management of firewalls, VPNs, IDS/IPS, and cloud-native security tools.
Perform code reviews and security testing (SAST, DAST); enforce secure coding practices across the SDLC with CI/CD tools; manage secrets, SCA, and open-source tools.
Develop and monitor configuration management automation and IaC strategies for a secure-by-design framework.
Monitor information systems for security incidents and vulnerabilities; provide visibility and reporting to IT and executive management.
Lead security projects and initiatives using Agile or Waterfall methodologies.
Architect and operate information system security controls; train staff in system administration and operations.
Develop cybersecurity documentation (SSP, PIA, CMP, POA&M, SOP) as required.
Create stakeholder reports with actionable recommendations; provide metrics to cybersecurity leadership and brief executives on compliance matters.
Participate in internal and external audits with clear briefings on findings and corrective actions.
Location and Sponsorship
This team is targeting candidates in the U.S. who can work onsite in Nashville, TN. Relocation assistance is provided. This is not a remote position. Visa sponsorship is not available for this position.
Qualifications
Bachelor’s degree in Computer Science, Information Security, or a related field; Master’s degree preferred.
10+ years of experience in cybersecurity, security architecture, or related security roles, with focus on cloud environments, automation workflows, incident detection and response, and vulnerability remediation.
Industry certifications such as CISSP, OSCP, CISM, GIAC, or cloud security specialties (OCI, AWS, Azure) are highly preferred.
Proven expertise in security architecture, threat modeling, and risk management at an enterprise level.
Strong knowledge of network and cloud security (OCI, AWS, Azure, GCP); experience with IAM, cryptography, secure coding, and zero-trust.
Experience with SAST/DAST, secure coding practices, and CI/CD tooling; scripting (Bash, Python, Perl, YAML) and IaC (Terraform, CloudFormation).
Familiarity with container orchestration (Kubernetes, OpenShift, EKS, AKS) and vulnerability management.
Excellent communication skills with ability to convey technical concepts clearly.
Disclaimer
Certain US customer or client-facing roles may require immunization/occupational health mandates. Location and benefits information are specific to the stated locations. This posting includes a salary range for the US: $109,200 – $223,400 per year, with potential bonus and equity. Oracle offers a comprehensive benefits package as described.
About Us
Oracle is a world leader in cloud solutions, committed to an inclusive workforce and opportunities for all. Accessibility accommodations are available upon request at accommodation-request_mb@oracle.com or +1 888 404 2494 in the United States. Oracle is an Equal Employment Opportunity Employer.
Other
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: IT Services and IT Consulting