Oracle
Principal Security Analyst, Threat and Vulnerability Management
Oracle, Nashville, Tennessee, United States, 37247
Principal Security Analyst, Threat and Vulnerability Management
Salary: $104,200.00/yr - $223,400.00/yr
We are looking for a senior Security Analyst for Oracle Threat and Vulnerability Management. This role is ideal for a technically strong security professional with a passion for data‑driven risk management. You will leverage analytical platforms (e.g., Jupyter, Apache Spark) to collect, analyze, and correlate security signals, uncovering actionable insights to better identify, prioritize, and mitigate emerging threats and vulnerabilities across the enterprise.
Our ideal candidate is an inquisitive and curious analyst who combines deep technical knowledge with advanced data analysis skills. You are passionate about using data to drive smarter, faster decisions in threat detection, vulnerability management, and risk assessment. You’re comfortable navigating large, complex data sets and translating technical findings into actionable business recommendations.
Responsibilities
Collect, normalize, and analyze diverse security signals from endpoints, infrastructure, applications, and external intelligence sources to assess potential risks.
Lead and perform security risk assessments across critical systems, applications, and processes using data‑driven methodologies.
Use advanced analytics tools such as Jupyter and Spark to sift through large datasets, uncover patterns, and quantify risk profiles and threat trends.
Translate analytical outcomes into prioritized, actionable mitigation strategies, collaborating with engineering and operations teams to ensure timely remediation.
Help drive enhancements to the vulnerability management lifecycle, including detection, validation, risk scoring, and reporting.
Develop visualizations and reports to effectively communicate findings, risks, and recommendations to technical and executive stakeholders.
Identify opportunities to automate repetitive tasks related to data collection, analysis, and reporting; partner with development/engineering for tool integration.
Work cross‑functionally with threat intelligence, incident response, and risk management teams to ensure alignment and comprehensive coverage.
Qualifications
8+ years of professional experience in security operations, threat/vulnerability management, or a similar cybersecurity discipline.
Strong hands‑on experience with analytical and scripting tools such as Python, Jupyter Notebooks, and Apache Spark.
Proven ability to process and analyze large‑scale security data sets to drive actionable threat/risk insights.
Deep knowledge of vulnerability assessment tools, threat modeling, risk scoring methodologies, and common attack techniques (e.g., MITRE ATT&CK).
Familiarity with enterprise networking, system administration, and major OS security concepts (Windows, Linux, cloud platforms).
Excellent written and verbal communication skills; able to clearly articulate complex technical issues to technical and non‑technical audiences.
Preferred Qualifications
Hands‑on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
Industry certifications such as CISSP, OSCP, GIAC, or equivalents.
Proven ability to drive culture and behavioral change within engineering organizations.
Experience with security operations and security alert triage processes.
Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI‑DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800‑30.
Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
Experience with threat modeling, penetration testing, reverse engineering, and software attacks.
Experience working in large, complex global enterprise environments.
Benefits
Medical, dental, and vision insurance.
Short‑term and long‑term disability coverage.
Life insurance and AD&D.
401(k) savings plan with company match.
Paid time off, flexible vacation, and paid sick leave.
Paid parental leave, adoption assistance.
Employee Stock Purchase Plan.
Volunteer and community engagement programs.
Employment Details
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: IT Services and IT Consulting
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, and protected veterans’ status or any other characteristic protected by law.
#J-18808-Ljbffr
We are looking for a senior Security Analyst for Oracle Threat and Vulnerability Management. This role is ideal for a technically strong security professional with a passion for data‑driven risk management. You will leverage analytical platforms (e.g., Jupyter, Apache Spark) to collect, analyze, and correlate security signals, uncovering actionable insights to better identify, prioritize, and mitigate emerging threats and vulnerabilities across the enterprise.
Our ideal candidate is an inquisitive and curious analyst who combines deep technical knowledge with advanced data analysis skills. You are passionate about using data to drive smarter, faster decisions in threat detection, vulnerability management, and risk assessment. You’re comfortable navigating large, complex data sets and translating technical findings into actionable business recommendations.
Responsibilities
Collect, normalize, and analyze diverse security signals from endpoints, infrastructure, applications, and external intelligence sources to assess potential risks.
Lead and perform security risk assessments across critical systems, applications, and processes using data‑driven methodologies.
Use advanced analytics tools such as Jupyter and Spark to sift through large datasets, uncover patterns, and quantify risk profiles and threat trends.
Translate analytical outcomes into prioritized, actionable mitigation strategies, collaborating with engineering and operations teams to ensure timely remediation.
Help drive enhancements to the vulnerability management lifecycle, including detection, validation, risk scoring, and reporting.
Develop visualizations and reports to effectively communicate findings, risks, and recommendations to technical and executive stakeholders.
Identify opportunities to automate repetitive tasks related to data collection, analysis, and reporting; partner with development/engineering for tool integration.
Work cross‑functionally with threat intelligence, incident response, and risk management teams to ensure alignment and comprehensive coverage.
Qualifications
8+ years of professional experience in security operations, threat/vulnerability management, or a similar cybersecurity discipline.
Strong hands‑on experience with analytical and scripting tools such as Python, Jupyter Notebooks, and Apache Spark.
Proven ability to process and analyze large‑scale security data sets to drive actionable threat/risk insights.
Deep knowledge of vulnerability assessment tools, threat modeling, risk scoring methodologies, and common attack techniques (e.g., MITRE ATT&CK).
Familiarity with enterprise networking, system administration, and major OS security concepts (Windows, Linux, cloud platforms).
Excellent written and verbal communication skills; able to clearly articulate complex technical issues to technical and non‑technical audiences.
Preferred Qualifications
Hands‑on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
Industry certifications such as CISSP, OSCP, GIAC, or equivalents.
Proven ability to drive culture and behavioral change within engineering organizations.
Experience with security operations and security alert triage processes.
Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI‑DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800‑30.
Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
Experience with threat modeling, penetration testing, reverse engineering, and software attacks.
Experience working in large, complex global enterprise environments.
Benefits
Medical, dental, and vision insurance.
Short‑term and long‑term disability coverage.
Life insurance and AD&D.
401(k) savings plan with company match.
Paid time off, flexible vacation, and paid sick leave.
Paid parental leave, adoption assistance.
Employee Stock Purchase Plan.
Volunteer and community engagement programs.
Employment Details
Seniority level: Mid‑Senior level
Employment type: Full‑time
Job function: Information Technology
Industries: IT Services and IT Consulting
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, and protected veterans’ status or any other characteristic protected by law.
#J-18808-Ljbffr