Principal Security Engineer (Vulnerability Management)

Job Description

Who We Are

We are a world-class team of high calibre application security researchers and engineers who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on a critical Greenfield software assurance project collaboratively with our cloud and mobile engineering teams. The Software Assurance organization has the mission is to make application security and software assurance, at scale, a reality. We are a dedicated team, leveraging each other's insights and abilities to produce cutting edge solutions to difficult problems through automation and CI/CD. Join us to grow your career and create the future of software assurance at scale together.

What You'll Bring

• A minimum of 8 years of experience in the cybersecurity field, with a focus on vulnerability management, cloud security, and security architecture analysis.
• Strong understanding of vulnerability management processes, remediation workflows, and validation of security findings
• Experience designing and managing security metrics, dashboards, and reporting for technical and leadership audiences
• Proven expertise in cloud architecture and security principles, and a thorough understanding of risk management frameworks
• Hands-on experience integrating data from security tools
• Proficiency in developing and implementing security policies and procedures within cloud environments to safeguard against potential threats
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
• Excellent organizational, presentation, verbal, and written communication skills.
• Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future

Nice to Have

• Experience automating metrics pipelines using scripting, APIs, or business intelligence platforms.
• Familiarity with regulatory frameworks (e.g., NIST, ISO 27001, CIS) and how they influence security metrics
• Prior experience working closely with IT operations, application teams, and others to support remediation and reporting efforts

What We'll Give You

• A team of very skilled and diverse personnel across the globe
• Ability to work in a flexible work from home arrangement
• Exposure to mind blowing large-scale cutting-edge systems
• The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
• Develop new skills and competencies working with our vast cloud product offerings
• Ongoing extensive training and skills development to further your career aspirations
• Incredible benefits and company perks
• An organization filled with smart, enthusiastic, and motivated colleagues
• The opportunity to impact and improve our systems and delight our customers

Responsibilities

Work You'll Do

As a member of our team, your days will be dynamic and filled with impactful work. You'll be at the forefront of developing strategies to protect cloud-based systems and services. Your role is pivotal in navigating the evolving landscape of cloud security, where each day brings new challenges and opportunities for innovation. Each project presents a new set of challenges, whether it's tailoring security solutions for Oracle's critical customers, or navigating the complexities of global compliance requirements. Additional responsibilities include:

• Develop and refine new or updated vulnerability management and other technical policies and procedures
• Design, develop, and maintain security metrics and KPIs to measure the effectiveness, maturity, and progress of technical security programs
• Partner with the SOC, Oracle Cloud Infrastructure (OCI), Offensive Security, and other stakeholders to prioritize and validate the impact of suspected vulnerabilities
• Advise customers on mitigation strategies and compensating controls while providing accurate and timely reporting that informs remediation progress
• Validate remediation actions to ensure vulnerabilities are fully resolved
• Engage in cloud security architecture, design and implementation, providing expert guidance to ensure secure development and deployment practices
• Focus on continuous process improvement while developing and refining security protocols and response strategies, ensuring they align with current best practices and regulatory requirements
• Collaborate with OCI and other internal teams to enhance customer security posture
• Play a key role in design consultations, facilitating meaningful involvement of the security team in project lifecycles and decision-making processes
• Stay current on emerging threats, vulnerabilities, and industry trends

Qualifications

Career Level - IC4

About Us

As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity.

We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.