Security Engineer 5
Oracle · Nashville, TN · 1 wk ago
Information Technology$139k–$306k/yrFull-time
Responsibilities
- Brings expert-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming/scripting knowledge is required.
- Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks.
- Evaluations of internal security architecture may include design assessment, risk assessment, and threat modelling.
- Guides, plans, designs, and oversees the implementation of new internal security architectures.
- May participate in an incident management team, bringing advanced-level skills to respond to security events and oversees root cause analysis.
- Develops new methods and playbooks as well as sophisticated scripts, applications, and tools, and trains others in their use.
- Stays up-to-date on the latest advancements in cloud security and applies them to improve Oracle's security posture.
- Works with senior management to develop and implement a multi-year security roadmap.
- Focuses on operational and strategic level tasks, and provides counsel and guidance to the junior level security personnel in the department.
- Influences and drives cross-functional changes in furtherance of security objectives.
Qualifications
- 10+ years of software or systems engineering experience.
- 6+ years of cloud security experience.
- Experience in evaluating and assessing security threats across a variety of environments and industries.
- Knowledge of data structures, algorithms, operating systems, and/or distributed systems fundamentals.
- Understanding of secure networking principles, routers, switches and load balancers.
- Understanding of databases, NoSQL systems, storage, and/or distributed persistence technologies.
- Knowledge of database security principles.
- Knowledge of encryption technologies and architectures.
- Prior experience with distributed systems, cloud computing, and IaaS.
- Programming and debugging fundamentals in languages/interfaces, such as Python, Java, Go, etc.
- Experience automating tedious work using available application programming interfaces.
Preferred Qualifications
- Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
- Industry certifications such as CISSP, OSCP, GIAC, or equivalents.
- Proven ability to drive culture and behavioral change within engineering organizations.
- Ability to effectively communicate and influence secure product and network design in a collaborative environment.
- Experience driving multi-team initiatives, tracking milestones, and reporting status to leadership.
- Experience with security operations and security alert triage processes.
- Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
- Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30.
- Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK.
- Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
- Experience and understanding of cryptographic algorithms, standards, implementation and application.
- Experience and understanding of threat modelling, penetration testing, reverse engineering and attacks on software.
- Experience working in large, complex global enterprise environments.