Security Analyst 2

Security Software Engineer

Are you interested in building large-scale distributed software for the cloud? Oracle’s Service Cloud team is building Software-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security, and an ever expanding set of foundational cloud-based services.

We’re looking for hands-on engineers with expertise and passion in identifying and resolving difficult security problems in distributed systems, virtualized infrastructure, and highly available services. If this is you, at Oracle you can design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, still at an early stage, and working on ambitious new initiatives. An engineer at any level can have significant technical and business impact.

As a Security Software Engineer you will review the software design and development for all components of Oracle’s Service Cloud team. You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn.

Things you'll do:
* Penetration testing
* Hardening of network, software and firmware
* Security tool development (e.g. scanning tools)
* Security metrics definition and delivery
* Consult across different software development teams
* Attack vector modeling
* Champion secure coding practices

Minimum Qualifications: 

• Bachelor’s or Master’s degree in Computer Science or related field
• 3+ years of experience in software engineering or related field
• Experience working in a large cloud or Internet software company preferred
• Strong application/product/software security background
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
• Excellent organizational, verbal and written communication skills
• Ability to succeed through collaboration and working through internal and external organizations and individuals
• Prior DevOps or continuous delivery and deployment experience preferred
• Strong security testing experience with Fortify, Burp, Zap or Webinspect.
• Thorough understanding of latest security principles, techniques, and protocols.
• Security certifications is a plus.
  
   

Detailed Description and Job Requirements

As a member of the software security team, you will assist in defining and developing software for tasks associated with the security testing of software applications. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Develop, implement, and enforce Oracle’s security policies. Develop, implement, and manage Oracle’s compliance with operational security procedures. Develop Security Review threat model and operationalization standards for cloud services to be built and deployed into Oracle’s Service cloud.

Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise. 

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.

Career Level - IC2

Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments.  May conduct and document basic information security risk assessments. May assist in the creation and implementation of security solutions and programs.
Regulatory Compliance: assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc.  Assist with research and interpretation of current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.
Threat and Vulnerability Management:  May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.
Incident Management and response:  Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.
Digital Forensics:  Assist with data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.
In a Corporate Security role, may assist with the creation, review and approval of corporate information security policies.
Compiles information and reports for management.

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s problems. True innovation starts with diverse perspectives and various abilities and backgrounds.

When everyone’s voice is heard, we’re inspired to go beyond what’s been done before. It’s why we’re committed to expanding our inclusive workforce that promotes diverse insights and perspectives.

We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +1 888 404 2494, option one.

Disclaimer:

Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

* Which includes being a United States Affirmative Action Employer