Security Engineer 3-20000XUM Applicants are required to read, write, and speak the following languages: English
Preferred Qualifications
Senior Vulnerability Management AnalystAs part of Oracle+NetSuite’s Security Team, the Senior Vulnerability Management professional is a key player in identifying, analyzing, reporting and driving remediation of security vulnerabilities across several NetSuite product lines.
Responsibilities
Manage and continuously improve a global vulnerability assessment program, which includes identification, analysis, response, negotiation and reporting/presentation of cyber threat and vulnerabilities
Provide the project team and key stakeholders with regular updates on the progress, key blockers, dependencies, ownership, target dates
Partner with remediation team to ensure remediation of identified vulnerabilities occurs within noted timeframes and in adherence with corporate security policies
Facilitate resolution of issues and roadblocks, escalate repetitive project delays in a timely, strategic manner utilizing project management techniques and methods
Research and evaluate threats and vulnerabilities to assist in prioritization of remediation actions
Work with other vulnerability management team and security team members to ensure alignment across projects and processes and seek for their guidance if necessary
Develop and report on vulnerability metrics and KPIs on a regular basis
Partner with stakeholders to streamline, standardize and mature vulnerability management program and tooling
Develop templates, procedures, and guidelines for vulnerability management
Qualifications
5+ years of relevant work experience in information security or security assurance/compliance
Thorough understanding of project/program management techniques and methods
Strong knowledge of technology and security topics including network security, application security, infrastructure hardening and security baselines, web server, and database security
Strong knowledge of industry standards regarding vulnerability management
Knowledge of industry and regulatory requirements (i.e., PCI, ISO, etc.)
Demonstrated ability to develop and deliver concise and effective communication
Excellent problem-solving, and decision-making skills
Highly self-motivated and directed
Familiarity with tools like Qualys, Elasticsearch, Jira, Confluence
Recognized industry certification and/or continuing education programs are a major plus including CISSP, Security+
Detailed Description and Job Requirements
Responsible for the planning, design and build of security architectures; oversees the implementation of network and computer security and ensures compliance with corporate security policies and procedures.Responsible for basic planning, design and build of security systems, applications, environments and architectures; oversees the implementation of security systems, applications, environments and architectures and ensures compliance with information security standards and corporate security policies and procedures. Assist in development of incident response capabilities, training, and tool validation. May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required and where computer programming/scripting knowledge is required. May participate in an incident management team, responding to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis. Coordinates incidents with other business units and may assist the Incident Commander during serious incidents. Participates in developing new methods, and playbooks, as well as basic scripts, applications, and tools. Research industry trends and constantly assess current controls and threat posture of new and existing products and services. Recommend and implement new security controls across Oracle’s line of business (LOB). Improve current processes and workflows to minimize manual efforts.Minimum of 5 years related experience in an information security role, supporting security programs and security engineering/architecture in complex enterprise environments. Hands on experience with enterprise security architecture, engineering and implementation required. Knowledge of compliance program security controls, like ISO 27001, SOC 2, HITRUST, and FedRAMP, as applied to cloud SaaS, PaaS and IaaS operations. Familiarity with SDLC principles and scripting & programming languages (such as Terraform, Python, Ruby, etc.). Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. Experience in developing secure, scalable cloud architectures and distributed systems. Experience with high-level software design and development and the design, use, and deployment of automation and orchestration frameworks. Demonstrable scripting or programming experience.
Job: Information Security Engineering
Location: PH-Philippines
Job Type: Regular Employee Hire
Organization: Oracle
