Principal Security Engineer @ Oracle

Responsibilities displayed in the job posting

Key responsibilities:

• As a security authority you will collaborate with multi-functional teams to drive security improvements, innovation, and best practices into the OCI’s products and services.
• Will conduct threat modeling, security architecture reviews, risk assessment, and provide guidance on mitigating the identified issues.
• Build and maintain technical security standards and patterns for OCI.
• Stay up-to-date on the latest advancements in cloud security and apply them to improve OCI’s security posture.
• Provide experienced security guidance to service teams to ensure products, services, and feature are secure by default.
• Lead OCI-wide cloud security initiatives to improve overall cloud security posture.
• Provide mentorship to junior engineers on the team.

Qualifications:

• A minimum of 8+ years of experience with at least 5+ years in Cloud Security or Application Security or Product Security.
• Or a BS or MS in Computer Science/Engineering with a focus in Cybersecurity, or a related field with a minimum of 8 years of experience in the field is required.
• Experience in architecture, design, deployment, and handling of standard security practices and policies is required.

Preferred qualifications includes,

• Experience as a security leader for a cloud product or set of cloud services, with expertise in IaaS, PaaS.
• Experience with architecture security reviews for products or services operating in a cloud environment.
• Expertise in concepts of Multi-tenancy, Cloud Security and Virtualization, Access Management, OAuth, Cloud SSO, Identity Provisioning, Identity Governance etc.
• Expertise in Encryption, Key management, Cybersecurity fundamentals (e.g., access controls, common software vulnerabilities, and security standard methodologies), Deployment Methodologies, and Security Standards Compliance Certification (STIG, FedRAMP, PCI-DSS), etc.
• Very good understanding of concepts related to Docker, Container, Serverless Computing, and Kubernetes.
• Ability to craft large scalable systems for cloud customers with focus on security.
• Network security, VPN/Firewalls and software-defined networking experience is a plus.
• Experience operating within and supporting a security assurance and assessment program
• Excellent written and verbal communication skills, strong analytical and problem-solving skills.