Security Engineer 5

Oracle Corp

Nashville, TN

JOB DETAILS
SALARY
$139,400–$306,400 Per Year
SKILLS
Accidental Death and Dismemberment (AD&D), Algorithms, Amazon Web Services (AWS), Analysis Skills, Application Programming Interface (API), Architectural Analysis, Artificial Intelligence (AI), Automation, Business Growth, CISSP - Certified Information Systems Security Professional, Cloud Computing, Communication Skills, Computer Maintenance, Computer Programming, Computer Security, Continuous Deployment/Delivery, Continuous Improvement, Continuous Integration, Cross-Functional, Cryptography, Cryptography Algorithms, Customer Relations, Data Structures, Debugging Skills, Dental Insurance, Distributed Computing, Embedded Systems, Engineering, Establish Priorities, Financial Planning, Flexible Spending Accounts, GCP (Good Clinical Practices), GIAC - Global Information Assurance Certification, Go Programming Language (Golang), Healthcare, ISO (International Organization for Standardization), Incident Management, Incident Response, Information Technology & Information Systems, Information/Data Security (InfoSec), Infrastructure as a Service (IaaS), Interface Programming Languages, International Electro-Technical Commission (IEC), Java, Large-Scale Systems, Leadership, Legal, Life Insurance, Load Balancing, Microsoft Windows Azure, Network Design, Network Routers, Network Switching, NoSQL, Occupational Health, Operating Systems, Operational Strategy, Operations Security (OPSEC), Oracle, PCI-DSS, Penetration Testing, Problem Solving Skills, Process Improvement, Product Design, Public Cloud, Python Programming/Scripting Language, Regulatory Requirements, Research Skills, Reverse Engineering, Risk, Risk Analysis, Risk Management, Root Cause Analysis, Scripting (Scripting Languages), Security Analysis, Security Architecture, Security Attacks, Security Monitoring, Security Software, Software Engineering, Stock Purchase Plans, Systems Engineering, Team Player, Technical Support, Test Plan/Schedule, Test Requirements, Threat Modeling, Threat and risk analysis (TRA), U.S. National Institute of Standards and Technology (NIST), Vision Plan
LOCATION
Nashville, TN
POSTED
1 day ago

Senior Principal Security Engineer, Oracle Threat and Vulnerability Management

Oracle Cloud Infrastructure

The Oracle Threat and Vulnerability Management (TVM) team proactively identifies, assesses, prioritises, and relentlessly drives the remediation of security weaknesses and vulnerabilities at scale across the total enterprise. The TVM team performs security assessments, vulnerability research, guides and advises mitigation strategies, and coordinates the response to zero-day and other urgent vulnerabilities. We ensure the security of the software and hardware that runs our cloud and non-cloud infrastructure and strive for continuous improvement. As a team, we defend our customers and ensure Oracle meets or exceeds all applicable security and regulatory requirements in all markets.

Values our foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are constantly learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future. You can learn more about us by visiting https://cloud.oracle.com/cloud-infrastructure.

Are you interested in building large-scale distributed security systems and tools for the cloud? Do you enjoy all aspects of security, from end user devices and traditional information technology (IT), to hyperscale cloud and multicloud services, to hardware and operational technology (OT)? A security-focused leader can have significant technical and business impact. This is a unique opportunity to work with smart people to solve complex and industry-wide problems in distributed systems, security, and multi-tenant Infrastructure-as-a-Service (IaaS) at massive scale. The biggest challenges for the team is the dynamic and fast growth of the business, driving us to improve our systems, tools, and automation to scale to our security expertise several orders of magnitude greater than what we can support today. We understand that software is living and needs investment. The challenge is making the right tradeoffs, communicating those decisions effectively, and crisp execution. Come shape the future of one of the largest cloud services on earth with us!

Our ideal candidate is a hardworking security practitioner, with interest in working in new domains and learning about new verticals every day. They should be fascinated with solving complex problems at the scale of a distributed multi-tenant service infrastructure.

This role is for a self-motivated individual interested and capable of managing multiple facets of security, comfortable working as part of a global team and also independently as part of a larger security strategy.

Only Oracle brings together the data, infrastructure, applications, and expertise to power everything from industry innovations to life-saving care. And with AI embedded across our products and services, we help customers turn that promise into a better future for all. Discover your potential at a company leading the way in AI and cloud solutions that impact billions of lives.

True innovation starts when everyone is empowered to contribute. That's why we're committed to growing a workforce that promotes opportunities for all with competitive benefits that support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling 1-888-404-2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Disclaimer:

Certain U.S. based or U.S. customer or client-facing roles may be required to comply with applicable requirements, such as immunization/occupational health mandates, and/or drug testing requirements.

Range and benefit information provided in this posting are specific to the stated locations only

US: Hiring Range in USD from: $139,400 to $306,400 per annum. May be eligible for bonus, equity, and compensation deferral.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle''s differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following:

  1. Medical, dental, and vision insurance, including expert medical opinion

  2. Short term disability and long term disability

  3. Life insurance and AD&D

  4. Supplemental life insurance (Employee/Spouse/Child)

  5. Health care and dependent care Flexible Spending Accounts

  6. Pre-tax commuter and parking benefits

  7. 401(k) Savings and Investment Plan with company match

  8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

  9. 11 paid holidays

  10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

  11. Paid parental leave

  12. Adoption assistance

  13. Employee Stock Purchase Plan

  14. Financial planning and group legal

  15. Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.

Career Level - IC5

Responsibilities

  • Brings expert-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming/scripting knowledge is required.
  • Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modelling.
  • Guides, plans, designs, and oversees the implementation of new internal security architectures.
  • May participate in an incident management team, bringing advanced-level skills to respond to security events and oversees root cause analysis.
  • Develops new methods and playbooks as well as sophisticated scripts, applications, and tools, and trains others in their use.
  • Stay up-to-date on the latest advancements in cloud security and apply them to improve Oracle''s security posture.
  • Work with senior management to develop and implement a multi-year security roadmap.
  • Focus on operational and strategic level tasks, and provide counsel and guidance to the junior level security personnel in the department.
  • Influences and drives cross-functional changes in furtherance of security objectives.

Qualifications

  • 10+ years of software or systems engineering experience.
  • 6+ years of cloud security experience.
  • Experience in evaluating and assessing security threats across a variety of environments and industries.
  • Knowledge of data structures, algorithms, operating systems, and/or distributed systems fundamentals.
  • Understanding of secure networking principles, routers, switches and load balancers.
  • Understanding of databases, NoSQL systems, storage, and/or distributed persistence technologies.
  • Knowledge of database security principles.
  • Knowledge of encryption technologies and architectures.
  • Prior experience with distributed systems, cloud computing, and IaaS.
  • Understanding of security vulnerabilities and mitigation strategies.
  • Programming and debugging fundamentals in languages/interfaces, such as Python, Java, Go, etc.
  • Experience automating tedious work using available application programming interfaces.

Preferred Qualifications

  • Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
  • Industry certifications such as CISSP, OSCP, GIAC, or equivalents.
  • Proven ability to drive culture and behavioural change within engineering organisations.
  • Ability to effectively communicate and influence secure product and network design in a collaborative environment.
  • Experience driving multi-team initiatives, tracking milestones, and reporting status to leadership.
  • Experience with security operations and security alert triage processes.
  • Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
  • Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30.
  • Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK.
  • Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
  • Experience and understanding of cryptographic algorithms, standards, implementation and application.
  • Experience and understanding of threat modelling, penetration testing, reverse engineering and attacks on software.
  • Experience working in large, complex global enterprise environments.

Responsibilities

  • Brings expert-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming/scripting knowledge is required.
  • Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modelling.
  • Guides, plans, designs, and oversees the implementation of new internal security architectures.
  • May participate in an incident management team, bringing advanced-level skills to respond to security events and oversees root cause analysis.
  • Develops new methods and playbooks as well as sophisticated scripts, applications, and tools, and trains others in their use.
  • Stay up-to-date on the latest advancements in cloud security and apply them to improve Oracle''s security posture.
  • Work with senior management to develop and implement a multi-year security roadmap.
  • Focus on operational and strategic level tasks, and provide counsel and guidance to the junior level security personnel in the department.
  • Influences and drives cross-functional changes in furtherance of security objectives.

Qualifications

  • 10+ years of software or systems engineering experience.
  • 6+ years of cloud security experience.
  • Experience in evaluating and assessing security threats across a variety of environments and industries.
  • Knowledge of data structures, algorithms, operating systems, and/or distributed systems fundamentals.
  • Understanding of secure networking principles, routers, switches and load balancers.
  • Understanding of databases, NoSQL systems, storage, and/or distributed persistence technologies.
  • Knowledge of database security principles.
  • Knowledge of encryption technologies and architectures.
  • Prior experience with distributed systems, cloud computing, and IaaS.
  • Understanding of security vulnerabilities and mitigation strategies.
  • Programming and debugging fundamentals in languages/interfaces, such as Python, Java, Go, etc.
  • Experience automating tedious work using available application programming interfaces.

Preferred Qualifications

  • Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
  • Industry certifications such as CISSP, OSCP, GIAC, or equivalents.
  • Proven ability to drive culture and behavioural change within engineering organisations.
  • Ability to effectively communicate and influence secure product and network design in a collaborative environment.
  • Experience driving multi-team initiatives, tracking milestones, and reporting status to leadership.
  • Experience with security operations and security alert triage processes.
  • Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
  • Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30.
  • Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK.
  • Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
  • Experience and understanding of cryptographic algorithms, standards, implementation and application.
  • Experience and understanding of threat modelling, penetration testing, reverse engineering and attacks on software.
  • Experience working in large, complex global enterprise environments.

About the Company

O

Oracle Corp

For over three decades, Oracle has been the center of innovation for business software birthplace of the first commercially available relational database, the first suite of internet-based applications, and the next-generation enterprise-computing platform, Oracle Fusion. Today, Oracle provides the world's most complete, open, and integrated business software and hardware systems, with more than 370,000 customers including - 100 of the Fortune 100 - representing a variety of sizes and industries in more than 145 countries around the globe. And Oracle's 110,000 global employees - including 30,000 developers working full-time on Oracle products -are critical to that success. Oracle Supports Workforce Diversity
COMPANY SIZE
10,000 employees or more
INDUSTRY
Computer/IT Services
FOUNDED
1977