Supports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.
Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.
Regulatory Compliance: Assists in programs to establish, document and track compliance with industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.
Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.
Incident Management and Response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.
Digital Forensics: May conduct data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.
Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.
Compiles information and reports for management.
Minimum of 5 years' experience in information systems, business operations, or related fields required, at least 2 years of which must be in at least one of the following: information security risk management; information security program management; industry/government security compliance program management (ISO-27001, GDPR, HIPAA, FedRAMP, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); information security solutions development, etc.
Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. CISSP, CISM, CISA, CIPP or other equivalent certification. Experience managing security incidents and vulnerabilities through their life cycle. Experience designing and developing automated processes for responding to possible network intrusions. Knowledge of secure software design principles and the software development life cycle. Experience with at least 1 automation language or framework (Python, Ruby, SALT, Terraform, etc.) or vulnerability scanning tool (Qualys, Burp Suite, etc.).
If you are a Colorado resident, please contact us or email us at [email protected] to receive compensation and benefits information for this role. Please include this Job ID: 184411 in the subject line of the email.
About the role
In the role of Senior Security Analyst, you will conduct and document highly complex information security risk assessments and develop and implement security processes. As a member of the Software Assurance central services team, you will be responsible for reviewing and reporting on vulnerability reports issued by SAST and SCA tooling. Upon finding vulnerabilities, you will be required to deep dive into each one, performing further analysis to confirm it is not a false positive and so ensure high accuracy of reported vulnerabilities. You will be responsible for planning and developing processes and documenting them while interacting with a variety of teams across our Software Assurance organisation, training staff, and being the go-to person for such security processes. You foster a collaborative atmosphere to enable buy-in into security processes and cross-team collaboration. You are ambitious, yet humble – you realise there are always opportunities for improvement, you take on feedback from team members and introspect to raise the bar for yourself and your organization. You are comfortable with ambiguity. This is a 100% on-site position. Candidates must be in Columbia, MD or willing to relocate.
Who We Are
We are a world-class team of high-calibre application security researchers and analysts who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience, distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on a critical greenfield software assurance project collaboratively with our cloud and mobile engineering teams. The Software Assurance organisation's mission is to make application security and software assurance, at scale, a reality. We are a dedicated team, leveraging each other’s insights and abilities to produce cutting-edge solutions to difficult problems through automation and CI/CD. Join us to grow your career and create the future of software assurance at scale together.
Work You’ll Do
What You’ll Bring
Nice to Have
What We’ll Give You