Oracle Hiring for Senior Security Analyst – #SWA at Columbia, MD Full Time

Develops and executes programs and processes to reduce information security risk and strengthen Oracle’s security posture.

Supports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.

Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.

Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.

Digital Forensics: May conduct data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.

Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.

Compiles information and reports for management.

Minimum of 5 years experience in information systems, business operations, or related fields, at least 2 years of which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001, GDPR, HIPAA, FedRamp, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc. required.

Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. CISSP, CISM, CISA , CIPP or other equivalent certification. Experience managing security incidents and vulnerabilities through their life cycle. Experience designing and developing automated process for responding to possible network intrusions. Knowledge of secure software design principles and the software development life cycle. Experience with at least 1 automation language or framework (Python, Ruby, SALT, Terraform, etc.) or vulnerability scanning tool (Qualys, Burp Suite, etc.).

If you are a Colorado resident, Please Contact us or Email us at [email protected] to receive compensation and benefits information for this role. Please include this Job ID: 184411 in the subject line of the email.

About the role

In this role of a Senior Security Analyst you will be conducting and documenting a highly complex information security risk assessments, developing and implementing security processes. As a member of the Software Assurance central services team y ou will be responsible for reviewing and reporting vulnerability reports issued by SAST and SCA tooling. Upon finding vulnerabilities you will required to deep dive into the vulnerability ensuring it is not a false positive to ensure high accuracy of v ulnerabilities performing further analysis. Y ou will be responsible for planning, developing processes, documenting them while interacting with a variety of teams across our Software Assurance organisation, train staff, and be the go-to person for such security processes. You foster the collaborative atmosphere to enable buy-in into security processes and cross-team collaboration. You are ambitious, yet humble – you realise there are always opportunities for improvement, you take on feedback from team members and introspect to raise the bar for yourself and your organization. You are comfortable with ambiguity. this is 100% on-site position. candidates must be in Columbia, MD or willing to relocate.

Who We Are

We are a world class team of high calibre application security researchers and analysts who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on a critical greenfield software assurance project collaboratively with our cloud and mobile engineering teams. The Software Assurance organisation has the mission is to make application security and software assurance, at scale, a reality. We are a dedicated team, leveraging each other’s insights and abilities to produce cutting edge solutions to difficult problems through automation and CI/CD. Join us to grow your career and create the future of software assurance at scale together.

Work You’ll Do

• Review and categorize software security analysis v ulnerability findings
• Report and document v ulnerability findings
• Identify duplications and false positive v ulnerability reports
• Partner with software development through ongoing security identification
• Partner with Site reliability engineering to help identify and work with them to improve automation mechanisms
• seek out opportunities to improve systems and reporting mechanisms
• Travel domestically up to 50% of your time

What You’ll Bring

• A Bachelor’s Degree or higher in Computer Science, Cyber Security or related disciplines would be ideal
• Good understanding of application security, CVE classification system (Common Vulnerabilities and Exposures) and OWASP top 10
• Have worked and understand report outputs through SAST and SCA tooling.
• Ability to review vulnerabilities in open-source software written in Java and/or GoLang, C/C++, Python.
• Foundational skills in Python programming
• Familiar with SCM/software version control tools (e.g., Git)
• A strong interest in application security, willingness to learn and seek out information to solve challenging problems is essential
• Strong analytical skills combined with good communication skills and fluent English

Nice to Have

• Prior experience in a software development role
• Knowledge and experience of security testing tools
• DevSecOps and/or CI/CD experience
• Automation experience using Python

What We’ll Give You

• A team of very skilled and diverse personnel across the globe
• Ability to work in a flexible work from home arrangement
• Exposure to mind blowing large-scale cutting-edge systems
• The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
• Develop new skills and competencies working with our vast cloud product offerings
• Ongoing extensive training and skills development to further your career aspirations
• Incredible benefits and company perks
• An organisation filled with smart, enthusiastic, and motivated colleagues
• The opportunity to impact and improve our systems and delight our customers

#LI-RS14