Principal Threat Intelligence Analyst
Oracle | Spain | Update time: September 30, 2022
Job Description

Are you interested in securing a large-scale distributed SaaS environment? Oracle's SaaS Cloud Security team is building new technologies that operate at high scale in our broadly distributed multi-tenant cloud environment. The Detections and Response Team plays a key role in enabling Oracle's Security vision, minimizing security incident-based losses and disruptions, facilitating efficient recovery from such incidents, and ensuring the implementation of controls to mitigate associated risk.

The SaaS Cloud Security organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day.  


We are building a global team of analysts that can work autonomously to carry out detection and response activities to protect the Oracle SaaS environment. Collectively, the team will cover the breadth and depth of: monitoring for Indicators of Compromise, staying up to date with the latest third-party Threat Intelligence, and responding to identified incidents, including attack remediation, evidence collection and forensics. The team will also support the continual improvement of the processes and technology used to maximize automation of detection and response for SaaS.

 

Key Responsibilities

• Write Threat Intelligence briefings and reports for executive leadership.

• Help build cyber threat profiles adapted to SaaS products and environments through threat modelling initiatives.

• Help define Threat Hunting use cases. 

• Create repeatable processes for continuous testing and monitoring of IOCs following a proven methodology you help define.
• Research industry trends, identify ongoing security threats, analyze new security testing tools, and provide recommendations on the need and usefulness of services and/or products.
• Evaluate and recommend new and emerging security solutions and technologies to address identified issues.
• Effectively communicate security concepts with both technical and non-technical individuals.
• Participate in Red/Blue team activities.

• Manage external and internal partnerships.

• Manage open source and commercial feeds through a curation and prioritization process for the detection pipeline, aiming for a low false positive rate.

• Proactively monitor the private and public threat landscape and translate it into actionable intelligence and threat use cases.

• Perform continuous open source research on specific threats including threat actors, campaigns, vulnerabilities and attack surface exposure evaluation.

 

Required Qualifications
• Bachelor’s Degree in Computer Science, Information Assurance, Security, Management Information Systems, Risk Management or equivalent work experience acceptable.

• 3-6+ years of related cybersecurity work experience in the areas of Cyber Threat Intelligence (CTI), architecture, engineering, SIEM, Red Team, pen testing, SOC (monitoring, incident response, digital forensics).
• 2+ years Python scripting experience.

• Threat Intelligence related experience including at least two of the following: 

o Writing Threat Intelligence briefings for an executive leadership audience;

o Threat modelling exercises for threat profile evaluation; 

o Campaign tracking and trending evaluation;

o Building actionable threat use cases based on individual research and analysis;

o Threat actor research.

• Understanding of typical intrusion life-cycle, including privilege escalation, persistence, and lateral movement techniques.

• Understanding of the MITRE ATT&CK™ knowledge base.
• Experience with Threat Intelligence and SOAR platforms to enable automation of threat intelligence feed curation.

• Python scripting experience. 

• Strong and hands-on experience/knowledge with Linux and Windows Operating Systems.

• Experience with problem solving and troubleshooting complex issues with an emphasis on root cause analysis.

• Understanding of traditional and microservice application security architectures, e.g. OWASP Top 10 web application security risks, database security, authentication schemes.
• Excellent customer service skills required.
• Knowledge of operational security tools and practices (e.g. SIEM, IDS, firewalls, and 3rd-party security products).
• Ability to both work independently with minimal direction and to collaborate effectively with local and remote teams with a strong customer focus.
• Excellent written and verbal communication skills, including presentation skills, are important to be successful in this role.
• Proven ability to effectively communicate with all levels of the organization, as well as with external parties.

 

Preferred Qualifications
• Advanced degree in computer science or related field.

• Experience gathering and defining Priority Intelligence Requirements (PIRs).

• 8+ years of experience within the security department of a large cloud or Internet software company. 

• 2+ years of experience as a Threat Intelligence Analyst.

• The ideal candidate should possess at least two of the following certifications: 

o SANS GIAC Cyber Threat Intelligence (GCTI)

o SANS GIAC Network Forensic Analyst (GNFA)

o SANS GIAC Certified Forensic Analyst (GCFA) 

o SANS GIAC Certified Forensic Examiner (GCFE) 

o SANS GIAC Certified Incident Handler (GCIH)

o SANS GIAC Certified Intrusion Analyst (GCIA)

o SANS GIAC Reverse Engineering Malware (GREM)

o Certified Information Systems Security Professional (CISSP)

o Offensive Security Certified Professional (OSCP)


Team Culture 

You thrive on collaboration. You make the people around you better. You love to collaborate with peers, engineers, operations, product managers, executives, and designers and inspire them to do their best.


You are passionate and experienced as a security leader.  You engage with your peers, the industry and experts to stay current on research, threats, and innovation to drive the right directions and strategies from a security infrastructure perspective.


You are customer focused.  Our success is based on customer satisfaction (internal and external) and how we build customer empathy in our culture, in our execution and our results.


You make people successful.  It is not about the “I”, it is about the “team” and making your team and the organization successful.  As leaders we focus on making our team members as productive and empowered as possible to ensure optimized execution and results.


You are open and transparent.  We are a team: open, honest and share openly with ourselves and our customers to build trust.


You seek learning and feedback.  You are self-critical, you proactively seek out feedback.  We lead by example and share feedback and learnings in a safe and productive way that focuses on improvements, root cause analysis and never blame as the desired result.

You make things happen.  You own and are accountable for delivering the execution to the overall strategy and missions of the organization.
And finally, you want to be part of creating dramatic and impactful change at a company that is committed to driving security innovation and world class engineering in the SaaS Cloud security space.


Detailed Description and Job Requirements 

Assists in the execution of security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.

Researches attempted efforts to compromise security protocols. 

Advises and assists in maintaining a healthy security posture across the Oracle SaaS Cloud security space.

Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.

Leading contributor individually and as a team member, providing direction and mentoring to others. 

Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization.

As part of Oracle's employment process candidates will be required to successfully complete a pre-employment screening process. This will involve identity and employment verification, professional references, education verification and professional qualifications and memberships (if applicable).

 

Develops and executes programs and processes to reduce information security risk and strengthen Oracle’s security posture.

Supports the strengthening of Oracle's security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Brings advanced level skills to assess the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in very complex, business-critical environments. May conduct and document very complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: Brings advanced level skills to manage programs to establish, document and track compliance with industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Participates in industry forums monitoring developments in regulatory compliance.

Threat and Vulnerability Management: Brings advanced level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required.

Incident Management and Response: Brings advanced level skills to respond to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. May operate as Incident Commander on serious incidents.

Digital Forensics: Brings advanced level skills to conduct data collection, preservation and forensic analysis of digital media independently, where an advanced understanding of forensic techniques is required.

Other areas of focus may include duties providing advanced level skills and knowledge to manage Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies. Mentors and trains other team members. Compiles information and reports for management.

Minimum of 8 years of experience in information systems, business operations, or related fields, at least 5 years of which must be from at least one of the following: information security risk management; information security program management; industry/government security compliance program management (ISO-27001, GDPR, HIPAA, FedRAMP, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); information security solutions development, etc.

Strong knowledge of: cloud architecture and security principles; risk management frameworks; *nix and Windows system administration.

Experience with: logging and log analysis; identity management principles and technology.

Preferred but not required qualifications include:

• Bachelor-level university degree in a relevant field from an accredited university, or equivalent.

• CISSP, CISM, CISA, CIPP or other equivalent certification.

• Comprehensive knowledge of security design for networks, databases, infrastructure, and cloud computing.

• Experience writing security incident and vulnerability reports for leadership and other stakeholders.

• Ability to effectively communicate and influence secure product and network design in a collaborative environment.

• Comprehensive knowledge of digital forensics.

• Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods.

• Knowledge of encryption technologies and architectures.

• Expert level experience in evaluating and assessing security threats across a variety of environments and industries.

• Expert level understanding of secure networking principles, routers, switches and load balancers.
