Security Point of Contact (SPOC)

In accordance with company requirements, the Oracle Analytics Development team requires a dedicated Security Point of Contact (SPOC). This role has been fulfilled part-time by different developers, but the sheer number of security efforts and products employed by the Analytics team necessitates a full-time resource.

Short description displayed on job title

As part of Oracle’s Analytics team, the Security Lead is responsible for reducing security assurance risk in their Line of Business. They need to develop a security culture in their organization and ensure that all security activities are effective at avoiding, mitigating, finding, and fixing vulnerabilities.

Job description displayed in the job posting

As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing, and debugging of software applications or operating systems.
The engineer will be expected to participate in security project tasks on an as-needed basis and interact directly with security organizations and multiple Lines of Business globally.

Preferred Qualifications:

• 6+ years related experience in an information security role, supporting security programs and security engineering/architecture in complex enterprise environments. Hands-on experience with enterprise security architecture, engineering, and implementation (Networking, Endpoint, System Level Security) required.
• Experience with at least one enterprise-scale of the following security platforms: SIEM, Antivirus, Endpoint Detection and Response.
• Strong experience in cloud computing and building secure environments in the cloud utilizing tools such as Terraform & Ansible.
• Experience in security aspects of multiple platforms, operating systems (Linux and Windows servers), software, communications, and network protocols.
• Understanding of networking protocols and infrastructure designs; including routing, network ports and protocols, host and network intrusion detection systems, encryption, load balancing, and other network infrastructure.
• Knowledge of security processes and technologies including threat detection, firewall functionality, security monitoring, and specific tools: SIEM, AV, IDS/IPS.
• Excellent communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with development management and staff.
• Dedicated and self-driven desire to maintain knowledge of current security threats and countermeasures; enthusiastic team member.

Responsibilities:

• Monitor, develop, and maintain enterprise security tooling program including Security Information and Event Management (SIEM), Endpoint Protection, and Web Application Firewalls in both engineering and analyst capacity.
• Work directly with system owners to implement security controls and configure security tools to meet a variety of requirements.
• Reduce risk by enhancing existing security tools and processes within the organization.
• Support for Reported Product Security Vulnerabilities - Have the skills to review code fixes of security bugs in their areas of responsibility.
• Technical Guidance for Ongoing Product Development - During the design phase, the Security Lead must ensure that product functional and design specifications include security considerations for every release.
• Cloud Engineering Infrastructure Development.
• Security Community Activity Leadership - The Security Lead must coordinate the various security activities for the respective product family.
• Product Security Compliance - A major component of the Security Lead function is to identify and quantify security risks for management, especially product risks for customers and the consequential risks to the Oracle brand.
• Participate in a Rotational On-Call schedule for Critical issues (we strive to make sure this is truly as rare as it can be).