Oracle
Principal Security Analyst, Threat and Vulnerability Management
Oracle, Nashville, Tennessee, United States, 37247
We are looking for a senior Security Analyst for Oracle Threat and Vulnerability Management. This role is ideal for a technically strong security professional with a passion for data-driven risk management. You will leverage analytical platforms (e.g., Jupyter, Apache Spark) to collect, analyze, and correlate security signals, uncovering actionable insights to better identify, prioritize, and mitigate emerging threats and vulnerabilities across the enterprise.
Our ideal candidate is an inquisitive and curious analyst who combines deep technical knowledge with advanced data analysis skills. You are passionate about using data to drive smarter, faster decisions in threat detection, vulnerability management, and risk assessment. You're comfortable navigating large, complex data sets and translating technical findings into actionable business recommendations.
Responsibilities
Collect, normalize, and analyze diverse security signals from endpoints, infrastructure, applications, and external intelligence sources to assess potential risks.
Lead and perform security risk assessments across critical systems, applications, and processes using data-driven methodologies.
Use advanced analytics tools such as Jupyter and Spark to sift through large datasets, uncover patterns, and quantify risk profiles and threat trends.
Translate analytical outcomes into prioritized, actionable mitigation strategies, collaborating with engineering and operations teams to ensure timely remediation.
Help drive enhancements to the vulnerability management lifecycle, including detection, validation, risk scoring, and reporting.
Develop visualizations and reports to effectively communicate findings, risks, and recommendations to technical and executive stakeholders.
Identify opportunities to automate repetitive tasks related to data collection, analysis, and reporting; partner with development/engineering for tool integration.
Work cross-functionally with threat intelligence, incident response, and risk management teams to ensure alignment and comprehensive coverage.
Qualifications
8+ years of professional experience in security operations, threat/vulnerability management, or a similar cybersecurity discipline
Strong hands-on experience with analytical and scripting tools such as Python, Jupyter Notebooks, and Apache Spark
Proven ability to process and analyze large-scale security data sets to drive actionable threat/risk insights
Deep knowledge of vulnerability assessment tools, threat modeling, risk scoring methodologies, and common attack techniques (e.g., MITRE ATT&CK)
Familiarity with enterprise networking, system administration, and major OS security concepts (Windows, Linux, cloud platforms)
Excellent written and verbal communication skills; able to clearly articulate complex technical issues to technical and non-technical audiences
Preferred Qualifications
Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI)
Industry certifications such as CISSP, OSCP, GIAC, or equivalents
Proven ability to drive culture and behavioral change within engineering organizations
Ability to effectively communicate and influence secure product and network design in a collaborative environment
Experience with security operations and security alert triage processes
Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials
Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30
Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK
Experience building continuous integration/deployment pipelines with robust testing and deployment schedules
Experience and understanding of cryptographic algorithms, standards, implementation and application
Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software
Experience working in large, complex global enterprise environments
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, and protected veterans' status or any other characteristic protected by law.
Compensation and Benefits US: Hiring Range in USD from: $104,200 to $223,400 per annum. May be eligible for bonus and equity.
Medical, dental, and vision insurance, including expert medical opinion
Short term disability and long term disability
Life insurance and AD&D
Supplemental life insurance (Employee/Spouse/Child)
Health care and dependent care Flexible Spending Accounts
Pre-tax commuter and parking benefits
401(k) Savings and Investment Plan with company match
Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
11 paid holidays
Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
Paid parental leave
Adoption assistance
Employee Stock Purchase Plan
Financial planning and group legal
Voluntary benefits including auto, homeowner and pet insurance
Additional Information Career Level - IC4
The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.
#J-18808-Ljbffr
Our ideal candidate is an inquisitive and curious analyst who combines deep technical knowledge with advanced data analysis skills. You are passionate about using data to drive smarter, faster decisions in threat detection, vulnerability management, and risk assessment. You're comfortable navigating large, complex data sets and translating technical findings into actionable business recommendations.
Responsibilities
Collect, normalize, and analyze diverse security signals from endpoints, infrastructure, applications, and external intelligence sources to assess potential risks.
Lead and perform security risk assessments across critical systems, applications, and processes using data-driven methodologies.
Use advanced analytics tools such as Jupyter and Spark to sift through large datasets, uncover patterns, and quantify risk profiles and threat trends.
Translate analytical outcomes into prioritized, actionable mitigation strategies, collaborating with engineering and operations teams to ensure timely remediation.
Help drive enhancements to the vulnerability management lifecycle, including detection, validation, risk scoring, and reporting.
Develop visualizations and reports to effectively communicate findings, risks, and recommendations to technical and executive stakeholders.
Identify opportunities to automate repetitive tasks related to data collection, analysis, and reporting; partner with development/engineering for tool integration.
Work cross-functionally with threat intelligence, incident response, and risk management teams to ensure alignment and comprehensive coverage.
Qualifications
8+ years of professional experience in security operations, threat/vulnerability management, or a similar cybersecurity discipline
Strong hands-on experience with analytical and scripting tools such as Python, Jupyter Notebooks, and Apache Spark
Proven ability to process and analyze large-scale security data sets to drive actionable threat/risk insights
Deep knowledge of vulnerability assessment tools, threat modeling, risk scoring methodologies, and common attack techniques (e.g., MITRE ATT&CK)
Familiarity with enterprise networking, system administration, and major OS security concepts (Windows, Linux, cloud platforms)
Excellent written and verbal communication skills; able to clearly articulate complex technical issues to technical and non-technical audiences
Preferred Qualifications
Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI)
Industry certifications such as CISSP, OSCP, GIAC, or equivalents
Proven ability to drive culture and behavioral change within engineering organizations
Ability to effectively communicate and influence secure product and network design in a collaborative environment
Experience with security operations and security alert triage processes
Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials
Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30
Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK
Experience building continuous integration/deployment pipelines with robust testing and deployment schedules
Experience and understanding of cryptographic algorithms, standards, implementation and application
Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software
Experience working in large, complex global enterprise environments
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, and protected veterans' status or any other characteristic protected by law.
Compensation and Benefits US: Hiring Range in USD from: $104,200 to $223,400 per annum. May be eligible for bonus and equity.
Medical, dental, and vision insurance, including expert medical opinion
Short term disability and long term disability
Life insurance and AD&D
Supplemental life insurance (Employee/Spouse/Child)
Health care and dependent care Flexible Spending Accounts
Pre-tax commuter and parking benefits
401(k) Savings and Investment Plan with company match
Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
11 paid holidays
Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
Paid parental leave
Adoption assistance
Employee Stock Purchase Plan
Financial planning and group legal
Voluntary benefits including auto, homeowner and pet insurance
Additional Information Career Level - IC4
The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.
#J-18808-Ljbffr