Oracle
Information Security Engineer - Threat and Vulnerability Management
Oracle Cloud Infrastructure
The Oracle Threat and Vulnerability Management (TVM) team proactively identifies, assesses, prioritizes, and relentlessly drives the remediation of security weaknesses and vulnerabilities at scale across the total enterprise. The TVM team performs security assessments, vulnerability research, guides and advises mitigation strategies, and coordinates the response to zero-day and other urgent vulnerabilities. We ensure the security of the software and hardware that runs our cloud and non-cloud infrastructure and strive for continuous improvement. As a team, we defend our customers and ensure Oracle meets or exceeds all applicable security and regulatory requirements in all markets.
Values our foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are constantly learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future. You can learn more about us by visiting https://cloud.oracle.com/cloud-infrastructure.
Are you interested in building large-scale distributed security systems and tools for the cloud? Do you enjoy all aspects of security, from end user devices and traditional information technology (IT), to hyperscale cloud and multicloud services, to hardware and operational technology (OT)? A security-focused leader can have significant technical and business impact. This is a unique opportunity to work with smart people to solve complex and industry-wide problems in distributed systems, security, and multi-tenant Infrastructure-as-a-Service (IaaS) at massive scale. The biggest challenges for the team is the dynamic and fast growth of the business, driving us to improve our systems, tools, and automation to scale to our security expertise several orders of magnitude greater than what we can support today. We understand that software is living and needs investment. The challenge is making the right tradeoffs, communicating those decisions effectively, and crisp execution. Come shape the future of one of the largest cloud services on earth with us!
This role is for a self-motivated individual interested and capable of managing multiple facets of security, comfortable working as part of a global team and also independently as part of a larger security strategy.
Qualifications
8+ years of software or systems engineering experience.
5+ years of cloud security experience.
Experience in evaluating and assessing security threats across a variety of environments and industries.
Knowledge of data structures, algorithms, operating systems, and/or distributed systems fundamentals.
Understanding of secure networking principles, routers, switches and load balancers.
Understanding of databases, NoSQL systems, storage, and/or distributed persistence technologies.
Knowledge of database security principles.
Knowledge of encryption technologies and architectures.
Prior experience with distributed systems, cloud computing, and IaaS.
Understanding of security vulnerabilities and mitigation strategies.
Programming and debugging fundamentals in languages/interfaces, such as Python, Java, Go, etc.
Experience automating tedious work using available application programming interfaces.
Preferred Qualifications
Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
Proven ability to drive culture and behavioral change within engineering organizations.
Strong knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
Strong knowledge of risk assesment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30.
Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK.
Experience with security operations and security alert triage processes.
Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
Experience working with internal customers and translating requests into prioritized work or features.
Experience and understanding of cryptographic algorithms, standards, implementation and application.
Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software.
Experience working with large enterprise customers.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, and protected veterans' status or any other characteristic protected by law.
Career Level - IC4
Responsibilities
Brings advanced-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming/scripting knowledge is required.
Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modeling.
Guides, plans, designs, and oversees the implementation of new internal security architectures.
May participate in an incident management team, bringing advanced-level skills to respond to security events and oversees root cause analysis.
Develops new methods and playbooks as well as sophisticated scripts, applications, and tools, and trains others in their use.
Stay up-to-date on the latest advancements in cloud security and apply them to improve Oracle's security posture.
Work with senior management to develop and implement a multi-year security roadmap.
Focus on operational and strategic level tasks, and provide counsel and guidance to the junior level security personnel in the department.
#J-18808-Ljbffr
The Oracle Threat and Vulnerability Management (TVM) team proactively identifies, assesses, prioritizes, and relentlessly drives the remediation of security weaknesses and vulnerabilities at scale across the total enterprise. The TVM team performs security assessments, vulnerability research, guides and advises mitigation strategies, and coordinates the response to zero-day and other urgent vulnerabilities. We ensure the security of the software and hardware that runs our cloud and non-cloud infrastructure and strive for continuous improvement. As a team, we defend our customers and ensure Oracle meets or exceeds all applicable security and regulatory requirements in all markets.
Values our foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are constantly learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future. You can learn more about us by visiting https://cloud.oracle.com/cloud-infrastructure.
Are you interested in building large-scale distributed security systems and tools for the cloud? Do you enjoy all aspects of security, from end user devices and traditional information technology (IT), to hyperscale cloud and multicloud services, to hardware and operational technology (OT)? A security-focused leader can have significant technical and business impact. This is a unique opportunity to work with smart people to solve complex and industry-wide problems in distributed systems, security, and multi-tenant Infrastructure-as-a-Service (IaaS) at massive scale. The biggest challenges for the team is the dynamic and fast growth of the business, driving us to improve our systems, tools, and automation to scale to our security expertise several orders of magnitude greater than what we can support today. We understand that software is living and needs investment. The challenge is making the right tradeoffs, communicating those decisions effectively, and crisp execution. Come shape the future of one of the largest cloud services on earth with us!
This role is for a self-motivated individual interested and capable of managing multiple facets of security, comfortable working as part of a global team and also independently as part of a larger security strategy.
Qualifications
8+ years of software or systems engineering experience.
5+ years of cloud security experience.
Experience in evaluating and assessing security threats across a variety of environments and industries.
Knowledge of data structures, algorithms, operating systems, and/or distributed systems fundamentals.
Understanding of secure networking principles, routers, switches and load balancers.
Understanding of databases, NoSQL systems, storage, and/or distributed persistence technologies.
Knowledge of database security principles.
Knowledge of encryption technologies and architectures.
Prior experience with distributed systems, cloud computing, and IaaS.
Understanding of security vulnerabilities and mitigation strategies.
Programming and debugging fundamentals in languages/interfaces, such as Python, Java, Go, etc.
Experience automating tedious work using available application programming interfaces.
Preferred Qualifications
Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
Proven ability to drive culture and behavioral change within engineering organizations.
Strong knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
Strong knowledge of risk assesment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30.
Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK.
Experience with security operations and security alert triage processes.
Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
Experience working with internal customers and translating requests into prioritized work or features.
Experience and understanding of cryptographic algorithms, standards, implementation and application.
Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software.
Experience working with large enterprise customers.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, and protected veterans' status or any other characteristic protected by law.
Career Level - IC4
Responsibilities
Brings advanced-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming/scripting knowledge is required.
Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modeling.
Guides, plans, designs, and oversees the implementation of new internal security architectures.
May participate in an incident management team, bringing advanced-level skills to respond to security events and oversees root cause analysis.
Develops new methods and playbooks as well as sophisticated scripts, applications, and tools, and trains others in their use.
Stay up-to-date on the latest advancements in cloud security and apply them to improve Oracle's security posture.
Work with senior management to develop and implement a multi-year security roadmap.
Focus on operational and strategic level tasks, and provide counsel and guidance to the junior level security personnel in the department.
#J-18808-Ljbffr