Principal Security Engineer, CSS Security

Description

Position Overview

Oracle's Customer Success Services (CSS) Organization is looking for a seasoned information security devops engineer with top-secret clearance to join our efforts in shaping the cloud services landscape across industry verticals and solving difficult problems by designing and building a suite of managed security services in Oracle's Classified Cloud for US National Security (ONSR).

Oracle's Customer Success Services (CSS) is a dynamic, high-impact division that ensures customer success and accelerates cloud adoption. As a key enabler of Oracle's cloud strategy, CSS is backed by strong executive sponsorship and offers a unique opportunity for security professionals.

As an integral team member, you will be responsible for designing, developing, implementing, and supporting efficient and scalable security solutions using third-party and Oracle technologies. Your in-depth knowledge of Oracle SaaS, PaaS, and IaaS offerings and proficiency in security best practices will drive success for Oracle and our customers. You will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for the design and influence of applications and the tools and processes that comprise the CSS organization. You will work independently and closely with team members to solve day-to-day problems, create utilities and applications, and create a security platform of tools that benefits all of Oracle's CSS offerings.  You need to be well-versed in every part of the software development process, including source code management, artifact deployment, package management, continuous integration, build and test automation, application deployment, and application monitoring.

Career Level - IC4

Responsibilities

Characteristics

Expect Results: Consistently drives high standards for each individual, the team, and the organization to accomplish key goals.

Communicates and Influences: Communicates information and ideas to individuals and teams in an articulate, focused, and compelling way. Willing to offer intellectual mindshare.

Is Analytical and Instinctual: Compares information from multiple sources to identify core issues.  Uses data to make decisions but also understands that instinct plays a part in innovating.  Always uses good common sense combined with Emotional Intelligence.

Possesses Strong Technology and Architecture Acumen: In-depth understanding of technology, architecture leadership, and software development with the ability to draw from personal experience to make recommendations.

 

Key Responsibilities

Supports the strengthening of Oracle's security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training, and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Brings advanced skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices, and procedures in complex, business-critical environments.  May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: Brings advanced skills to manage programs to establish, document, and track compliance to industry and government standards and regulations, e.g., ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc.  Researches and interprets current and pending governmental laws and regulations, industry standards, and customer and vendor contracts to communicate compliance requirements to the business and participates in industry forums monitoring developments in regulatory compliance.

Threat and Vulnerability Management:  This position uses advanced-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations requiring in-depth analysis of ambiguous information.

Incident Management and Response:  Bring advanced-level skills to respond to security events, identify possible intrusions, and respond in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.

Digital Forensics:  Brings advanced level skills to conduct data collection, preservation, and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.

Other areas of focus may include:

• Compiling information and reports for management.
• Defining and developing software for tasks associated with developing, designing, and debugging software applications or operating systems.
• Leading contributor individually and as a team member
• Working closely with partners and peers to drive security innovation and world-class solutions to internal and external customers.
• Influencing and assisting in new security solutions, processes, and standards to support hyper-scale cloud growth.

 

Ideal Experience

• Technical understanding and demonstrable cloud engineering experience, specifically in developing applications and solutions that provide security controls.
• 5+ years of systems operation/administration
• Deep understanding of network, storage, and virtualization concepts and technologies.
• Strong experience with enterprise security concepts, including network security lists, disk encryption, and endpoint security technologies.
• Strong and hands-on experience/knowledge in the following or similar areas:
  • Automation development experience
  • Programming in Python/shell scripting
  • Development tools, language features, and library availability
  • Automation deployment and configuration management tools (Chef, Salt, Ansible, and/or Puppet, etc.)
  • Linux and virtualization
  • Git, SVN, or similar version control experience
  • SQL schema design experience with MySQL, Oracle, or Postgres
  • TCP/IP (ipv4 and ipv6) networking and related protocols
  • Multi-platform workstation – Windows/Mac/Linux
  • Agile and Waterfall project methodologies
• Problem-solving skills to learn new technical and non-technical analysis techniques to overcome problems.
• Ability to identify and implement both tactical and strategic solutions.
• Demonstrated knowledge (API) of Oracle Cloud, AWS, Azure, or Google Cloud services.
• Ability to work independently and engage individuals and teams across multiple geographies and cultures.
• Strong written and verbal communication and presentation skills.

 

Preferred Education

Advanced degree in computer science or related field.

 

*US Citizenship and currently holds (or can obtain) a Top Secret (TS)/SCI clearance for Critical-Sensitive Positions with polygraph (FSP).

Qualifications
Disclaimer:

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Range and benefit information provided in this posting are specific to the stated locations only

US: Hiring Range in USD from: $109,200 to $223,400 per annum. May be eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle’s differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following:
1. Medical, dental, and vision insurance, including expert medical opinion
2. Short term disability and long term disability
3. Life insurance and AD&D
4. Supplemental life insurance (Employee/Spouse/Child)
5. Health care and dependent care Flexible Spending Accounts
6. Pre-tax commuter and parking benefits
7. 401(k) Savings and Investment Plan with company match
8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
9. 11 paid holidays
10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
11. Paid parental leave
12. Adoption assistance
13. Employee Stock Purchase Plan
14. Financial planning and group legal
15. Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.