The Security Intelligence and Vulnerability Management team supporting the Global Business Units is looking to add a talented Security Engineer to the team to help support and grow our vulnerability management program.

This position will specialize in tooling, automation, and process enhancement affecting the existing vulnerability management program as well as other business-as-usual security processes.

You will be working with a talented group of professionals responsible for discovering and reporting operational risk as well as recommending and validating remedial action in our cloud hosting environments.

This position will involve querying, collating, merging, manipulating, and pipelining data sourced from first- and third-party systems to empower security analysts, development teams, and operations engineers to rapidly identify and act on security considerations in a dynamic hosting environment.

The ideal candidate is innately curious and demonstrates the ability and the drive to analyze challenges, develop a thorough understanding of complex systems, and forge creative solutions.

Required Qualifications

• Candidate must be proficient in at least one of the following scripting languages: Python, Bash, PowerShell.
• Candidate must be willing to learn additional scripting languages as required.
• 5+ years of experience in application development or system administration.
• Advanced understanding of Linux operating systems.
• Working familiarity with API-based workflows and microservice architecture.
• Strong understanding of information security principles.
• Strong understanding of git version control.
• Strong understanding of container-based architecture.
• Solid understanding of cloud native application environments or architecture.
• Intermediate working knowledge of SQL database systems.

Additional Qualifications

• Solid understanding of conventional network infrastructure.
• Working understanding of Agile software development methodology.
• Proficiency in writing technical analysis reports.
• Strong written and verbal communication skills.
• Direct experience in an information security role is a plus.
• Familiarity with HashiCorp Terraform infrastructure-as-code is a plus.
• Understanding of Microsoft Windows Server operating systems is a plus.
• Experience with endpoint management and security tools is a plus.
• Experience working with tooling and operational visibility in containers is a plus.

Detailed Description and Job Requirements

• Coordinate and directly contribute to automation projects that improve the quality, consistency, and efficiency of the team’s output.
• Contribute to in-house software that supervises the daily collection, collation, and delivery of security findings from tools to vulnerability management software.
• Coordinate bug fixes and new features with other internal software teams as a stakeholder representing the business unit’s needs and requirements.
• Support triage and remediating tracking efforts of newly disclosed vulnerabilities affecting cloud systems.
• Research and develop detection techniques for systematically discovering the presence of vulnerabilities.
• Develop scripts to act as sensors on servers, providing real time visibility into the run state of the hosting environment.
• Operate tools and execute security processes as a part of the vulnerability discovery, remediation, and management program.
• Design, implement, and maintain internal systems to support security workflow at scale.
• Ensure continuous operation of day-to-day security automation.
• Participate in Agile Scrum Teams as a developer.
• Other tasks as assigned.

Job duties are varied and complex; independent judgment needed.

Minimum of five (5) years relevant experience. BA/BS degree relevant to computer science, software engineering, or information security is preferred.

Responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security and ensures compliance with corporate security policies and procedures.

Responsible for basic planning, design and build of security systems, applications, environments and architectures; oversees the implementation of security systems, applications, environments and architectures and ensures compliance with information security standards and corporate security policies and procedures. Assist in development of incident response capabilities, training, and tool validation. May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required and where computer programming/scripting knowledge is required. May participate in an incident management team, responding to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis. Coordinates incidents with other business units and may assist the Incident Commander during serious incidents. Participates in developing new methods, and playbooks, as well as basic scripts, applications, and tools. Research industry trends and constantly assess current controls and threat posture of new and existing products and services. Recommend and implement new security controls across Oracle’s line of business (LOB). Improve current processes and workflows to minimize manual efforts.

Minimum of 5 years related experience in an information security role, supporting security programs and security engineering/architecture in complex enterprise environments. Hands on experience with enterprise security architecture, engineering and implementation required. Knowledge of compliance program security controls, like ISO 27001, SOC 2, HITRUST, and FedRAMP, as applied to cloud SaaS, PaaS and IaaS operations. Familiarity with SDLC principles and scripting & programming languages (such as Terraform, Python, Ruby, etc.). Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. Experience in developing secure, scalable cloud architectures and distributed systems. Experience with high-level software design and development and the design, use, and deployment of automation and orchestration frameworks. Demonstrable scripting or programming experience.