• Principal Security Engineer (Code Review) - Software Security (Join OCI-SecGroup)

    Oracle, Bedford, MA 01730

    Job #1440176371

  • Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.

    As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.

    Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.

    This is a remote/office based position which may be performed anywhere in the United States except for within the state of Colorado.

    Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.

    Principal Security Engineer (Code Review) - Software Security

    Cloud Engineering Infrastructure Development

    At Oracle Cloud Infrastructure (OCI), we build the future of the cloud for Enterprises as a diverse team of fellow creators and inventors. We act with the speed and attitude of a start-up, with the scale and customer-focus of the leading enterprise software company in the world.

    Values are OCI's foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are constantly learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future.

    You are the builder here. You will be part of a team of really smart, motivated, and diverse people and given the autonomy and support to do your best work. It is a dynamic and flexible workplace where you'll belong and be encouraged.

    Who are we looking for?

    We are looking for hands-on security engineers with expertise and passion in solving difficult security problems in distributed systems, multi-tenant services and large-scale infrastructures. If this is you, at Oracle Cloud you can help design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, and working on ambitious new initiatives. A security-focused engineer at any level can make significant technical and business impact.

    Responsibilities

    • Provide governance on design and code review process; advise and be a consultant to engineering teams

    • Perform application architecture and security code reviews; ensure comprehensive security control coverage

    • Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)

    • Review and validate automated testing results and prioritize actions based on overall risk

    • Perform manual source code review for security vulnerabilities; analyze source code to mitigate identified weaknesses and vulnerabilities within the system

    • Identify opportunities to automate and standardize information security controls

    • Write formal security assessment reports; identify and document all of the pertinent facts

    o how the application is accessed, what is the operational context of the application code, and what sorts of weaknesses have been introduced to application code in the past

    • Create verification reports that detail the application security architecture and the results of the verification

    • Document remediation recommendations required to harden the code

    • Work with the development team to validate that the issues have been resolved

    • Perform application performance fine tuning; help identify and fix performance bottlenecks

    • Support suite of enterprise security tools (network/platform scanners, web application scanners, asset discovery scanners, and source code security scanners) used in identifying vulnerabilities in software products and custom code on the network

    Qualifications

    • Bachelor's or Master's degree in Computer Science or related field

    • 7 years of experience performing security code reviews utilizing Static & Dynamic code scanning tools (HP Fortify, SonarQube, BurpSuite, WebInspect, IBM AppScan, etc.)

    • Expertise in application security and associated vulnerabilities

    • Development experience with modern JavaScript frameworks, Python, JSON, Lambda

    • Experience using ALM and CICD tools like Bitbucket, TFS, Jenkins, uDeploy, BMC RLM or related tools in an agile methodology

    • Experience using commercial enterprise automated security testing tools such as AppScan Source, Fortify, Checkmarx, Veracode, Blackduck, Sonatype

    • Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc.)

    Job: Product Development

    Organization: Oracle

    Title: Principal Security Engineer (Code Review) - Software Security (Join OCI-SecGroup)

    Location: United States

    Requisition ID: 210004FX