Oracle Senior Security Engineer (JoinOCI-SecGroup) in Aurora, Colorado
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
As a member of the software engineering division, you will assist in defining and developing software for tasks associated with the developing, debugging or designing of software applications or operating systems. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs.
Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise. May have project lead role and or supervise lower level personnel. BS or MS degree or equivalent experience relevant to functional area. 4 years of software engineering or related experience.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
About the Team:
The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world s biggest challenges.
We offer unique opportunities for smart, hands-on engineers with the expertise and passion to solve difficult problems in distributed highly available services and virtualized infrastructure. At every level, our engineers have a significant technical and business impact designing and building innovative new systems to power our customer s business critical applications.
The OCI WAF Cyber Security Intelligence Response Team (OCI WAF CSIRT) is responsible for responding to and managing customer, platform security incidents and researching threat tactics, techniques, and procedures. You will be exposed to a myriad of web architectures protected by Oracle s application delivery and security service networks. You will identify the changing landscape of adversarial actions, tailor defenses to match them, and react to ongoing incidents. You will train other responders & teams to enable global scalability and tackle the hardest challenges of Internet Web security. You will be exposed to new technologies and ideas and be expected to learn them quickly and then be able to teach them to others./You will find your ideas challenged and have to defend them with sound logic and evidence and have the pleasure of working with others held to the same standards./
This individual will be responsible for quality assurance and contributing to threat intelligence services within the organization. This individual will be focused on deep packet inspection, DDoS BOTNET validation, WAF investigations, security incident SME support, security research, proactive intelligence framework monitoring, and protection, and will participate in tool development within the research environment. This position will also be responsible for forensic cases as assigned, will participate in all research papers that are published by OCIWAF CSIRT to include Threat Advisories, White Papers, and post mortem incident reports.* *
About the Job
Do you want to help shape the future of security of the Internet?
Can you analyze a system at different levels of abstraction and spot the flaws?
Do you have the hacker mindset?
Come join the OCI WAF CSIRT Cyber-Security Intelligence Response Team as a Security Researcher Lvl2.
This is not a job about configuring packet filters or applying vendor patches. You will be exposed to new technologies and ideas and be expected to learn them quickly. You will find your ideas challenged and have to defend them with sound logic and evidence and have the pleasure of working with others held to the same standards.
Be part of a team of dedicated security experts who work to make the Internet a safer place for everyone.
Build secure web-based tools
Collaborate with Security Architects, Security Researchers, and Software Engineers to improve the resilience of OCI WAF systems under pressure from adversaries.
Contribute to formal security reviews of proposed software designs, controls, and test plans, applying System-Theoretic Process Analysis (STPA) and STPA-derived methods.
Assist in incident response and analysis
Help analyze and articulate risks to Internet infrastructure.
Advise engineers in the development of safer and more defensible software.
Read code to find flaws and propose fixes.
Propose new ways to find and/or prevent flaws in Internet-connected software and systems.
Research new trends in attack tools, techniques, and procedures; and learn how to adjust configurations to protect against them. Publish or present this research for consumption by our own security operators, by customers' security teams, and by the security community at large.
Critical incident response efforts, including coordination, communication, resolution, and timely handoff. Develop research tools to support gathering and analysis of intelligence from internal and external sources. Develop attacks against Internet infrastructure in order to inform product management and individual customers of potential risk, including by the use of ethical hacking, penetration testing, vulnerability assessment, and web application security testing.
Required Education and Experience
Minimum 3 years of professional work experience
Bachelor's degree in Journalism, Communications, Technical Marketing, Computer Science, Computer Engineering, or a related technical discipline, or equivalent practical experience.
A master's degree or Ph.D.
3-year experience applying web-based application attacks and defenses including at least those covered by the OWASP Top 10
3-years of experience using UNIX/Linux command shells including script development
3-years of experience constructing HTTP traffic manually
2-years of experience developing software using a secure software development lifecycle
2-years of experience communicating clearly and effectively verbally and in writing to both technical and business audiences
Coursework in computer science, mathematics, or engineering Experience with Java web frameworks
Awareness of penetration testing methods
Understanding of HTTP and DNS
Experience in at least one of Haskell, OCaml, F#, ML, Scala, Clojure, Common Lisp, Scheme, Opa, or Erlang
Experience authoring applications using several different web-based application frameworks Successful completion of web security challenges such as those on HackThisSite.org, OWASP s Web Goat, or Google s Gruyere.
Excellent technical aptitude and a desire to learn constantly.
History of responsible vulnerability disclosure
Some knowledge of Systems-Theoretic Accident Modeling and Processes (STAMP)
Familiarity with security technologies, processes, and concepts such as symmetric and asymmetric cryptography, TLS, Authentication, and Authorization, Static Code Analysis
Job: *Product Development
Title: Senior Security Engineer (JoinOCI-SecGroup)
Location: United States
Requisition ID: 20000M2L