Principal Security Engineer

Job Description

Principal Security Software Engineer

Are you interested in building large-scale distributed software for the cloud Oracle's Service Cloud team is building Software-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security, and an ever expanding set of foundational cloud-based services.

These are exciting times in our space - we are growing fast, still at an early stage, and working on ambitious new initiatives. An engineer at any level can have significant technical and business impact.

You should value simplicity and scale, work comfortably in a collaborative, agile environment, and be excited to learn.

• Penetration testing
• Hardening of network, software and firmware
• Security tool development (e.g. scanning tools)
• Security metrics definition and delivery
• Consult across different software development teams
• Attack vector modeling
• Champion secure coding practices

Minimum Qualifications:

• Bachelor's or Master's degree in Computer Science or related field
• 7+ years of experience in software engineering or related field
• Experience working in a large cloud or Internet software company preferred
• Strong application/product/software security background
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
• Excellent organizational, verbal and written communication skills
• Ability to succeed through collaboration and working through internal and external organizations and individuals
• Prior DevOps or continuous delivery and deployment experience preferred
• Strong security testing experience with Fortify, Burp, Zap or Webinspect.
• Thorough understanding of latest security principles, techniques, and protocols.
• Security certifications is a plus.

Skills Required:

1. Application architecture and design reviews
2. Penetration Testing and Vulnerability assessments
3. Web Services and API security assessments
4. Product Security Assessments and Threat Modeling
5. Dynamic Vulnerability Scanningusing automated application scanners
6. Execute Secure Code Audits using manual and automated methods to review product codes
7. Secure SDLC Processes including DevOps and Agile
8. Knowledge of languages, including Java, .Net, PHP, C++, and XML
9. Security Testing tools, includingNmap, Nessus, Web Inspect, BurpSuite, ZAP Scanner,Fortify Secure code scanner, SOAP UI, Kali Linux, and Metasploit
10. Operating Systems including Windows and Linux
11. Cryptographic algorithms, hashing algorithms, encryption and
12. Network and web related protocols, including TCP/IP, TLS/SSL, HTTP, and FTP.

Detailed Description and Job Requirements

Develop, implement, and enforce Oracle's security policies. Develop, implement, and manage Oracle's compliance with operational security procedures. Develop Security Review threat model and operationalization standards for cloud services to be built and deployed into Oracle's Service cloud.

Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.

Career Level - IC4