About the role
We are looking for an engineer with knowledge of application security to join the product development team at Oracle, Brisbane as a Security Analyst. The role holder will be responsible for developing and maintaining an open-source Java vulnerability knowledgebase and associated curation frameworks and tools. You will be responsible for updating the vulnerability knowledgebase daily against the NIST NVD data feeds, capturing additional details on vulnerabilities, performing further analysis, etc. The knowledgebase is used for vulnerability detection in Java applications using open-source libraries and for alerting customers to the vulnerabilities. You will collaborate with the research and development engineers based in Brisbane, Australia as well as with development organisations at worldwide Oracle locations to deliver, maintain and support the vulnerability knowledgebase and associated frameworks and tools. This role is based in Brisbane and offered on a permanent basis.
What will you bring to the job?
- A Bachelor’s Degree or higher in Computer Science, Cyber Security or related disciplines would be ideal
- Good understanding of application security, the CVE (Common Vulnerabilities and Exposures) classification system and the OWASP Top 10
- Ability to review vulnerabilities in open-source software written in Java
- Foundational skills in Python programming
- Familiarity with SCM/software version control tools (e.g., Git)
- A strong interest in application security, willingness to learn and seek out information to solve challenging problems is essential
- Strong analytical skills combined with good communication skills and fluent English
- Eligibility to work in Australia without sponsorship is required
What additional skills and experience would make you a standout candidate?
Some of the below would make you a standout candidate for the role:
- Prior experience in a software development role
- Knowledge and experience of security testing tools
- DevSecOps and/or CI/CD experience
- Automation experience using Python
- Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document basic information security risk assessments. May assist in the creation and implementation of security solutions and programs.
- Regulatory Compliance: Assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Assist with research and interpretation of current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.
- Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.
- Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.
- Digital Forensics: Assist with data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.

In a Corporate Security role, may assist with the creation, review and approval of corporate information security policies. Compiles information and reports for management.
Minimum of 2 years of related experience as a security engineer, analyst, consultant or developer required. Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. Experience working in a large cloud infrastructure production service environment. Experience determining and communicating the root cause analysis and findings of security incident response investigations and performance troubleshooting activities. Experience collecting, analyzing, and correlating logs from varied, disparate log sources. General knowledge of vulnerability scanning, penetration testing tools and practices.
