Develops and executes programs and processes and software to reduce information security risk and strengthen Oracle’s security posture within the OCI Storage org. You will be conducting and documenting highly complex information security risk assessments and developing and implementing security processes, tools, and procedures. Cloud Engineering Infrastructure Development.

What You’ll Bring

• A bachelor’s degree or higher in Computer Science, Cyber Security or related disciplines would be ideal
• Good understanding of application security, CVE classification system (Common Vulnerabilities and Exposures) and OWASP top 10
• Have worked and understand report outputs through SAST, DAST and SCA tooling.
• Foundational skills in Python programming and scripting (Linux Shell, MS Windows)
• Familiar with SCM/software version control tools (e.g., Git)
• A strong interest in application security, willingness to learn and seek out information to solve challenging problems is essential.
• Strong analytical skills combined with good communication skills and fluent English.
• Eligibility to work in the United States without sponsorship is essential.

Nice to Have

• Prior experience in a software development role
• Knowledge and experience of security testing tools
• DevSecOps and/or CI/CD experience
• Automation experience using Python

What We’ll Give You

• The ability to work with a distributed, talented software organization
• Exposure to mind blowing large-scale cutting-edge systems
• The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
• Develop new skills and competencies working with our vast cloud product offerings
• Ongoing extensive training and skills development to further your career aspirations
• Incredible benefits and company perks
• An organization filled with smart, enthusiastic, and motivated colleagues
• The opportunity to impact and improve our systems and delight our customers

Risk Management : Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document basic information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance : assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g., NIST CSF, NIST 800-53, ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Assist with research and interpretation of current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.

Threat and Vulnerability Management : May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.

Incident Management and response : Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.

Digital Forensics : Assist with data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.

In a Corporate Security role, may assist with the creation, review and approval of corporate information security policies and guidelines.

Compiles information and reports for management.