Principal Security Engineer - Oracle Cloud Infrastructure
Profile:
Product Security Architecture assists the engineering organization and partners to build secure products, services, and features. We develop strong Product Security practices and partner with product owners, engineers, and executives to ensure new products and features meet the highest security standards. Security is reflected every day in the services we build, how our company operates, and how we engage with service teams and partners. We are trusted advisers and guide the organization to deliver the most secure cloud in the industry.
Job Description:
Are you interested in securing a large-scale distributed cloud infrastructure and platforms? Oracle's Cloud team is building new IaaS and PaaS technologies that operate at high scale in a broadly distributed and rapidly growing multi-tenant cloud environment. Our mission is to provide our cloud customers with the most secure cloud products and services.
We're looking for hands-on security engineers with expertise and passion in solving difficult security problems in distributed systems, multi-tenant services and large-scale infrastructures. If this is you, at Oracle Cloud you can help design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, and working on ambitious new initiatives. A security-focused engineer at any level can make significant technical and business impact.
As a Principal Security Engineer you will work closely with engineers from the various cloud service teams to lead building secure architecture that is fundamentally sound and efficient. Your influence and innovation in the design of the full system architecture is critical. You should be familiar with security at all levels of the software, hardware, and network stack, while being exceptionally deep in a few. Intellectual curiosity and an excitement for the challenges of securing complex, massive systems are a must. You should value simplicity and usability as well as security, and work comfortably in a collaborative, agile environment.
Things you’ll do:
- Consult with software development teams on the design and architecture of secure systems. Collect, identify, and develop best practices, patterns, and anti-patterns for specific security-related problems.
- Perform threat modeling exercises and propose technical controls for critical systems. Conduct and facilitate technology security reviews, including Secure SDLC testing requirements. Identify, prioritize, and help implement security improvements that maximize security while keeping developers productive.
- Serve as security thought leader for all application security automation. Architect, design, prototype, support, and evaluate security-focused tools and services including project leadership. Assist with triage of findings from security tools. Develop and refine rules and checks for security automation.
- Research new security technologies
- Identify and understand inherent, systemic high-risk security issues that could lead to security incidents. Architect, design, prototype, support, and validate scalable security solutions to eliminate systemic issues, including project leadership.
Qualifications:
- Bachelor’s degree (Master’s degree preferred), or equivalent experience, in Computer Science or a related field
- 8+ years of experience in security engineering or related field
- Strong sense of ownership, urgency, and drive
- Demonstrable teamwork skills and resourcefulness
- Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid “analysis paralysis”)
- Sharp analytical abilities and proven design skills
- Experience working in a large cloud or Internet software company
- Principal security engineer is expected to have experience in multiple security domains, to develop scalable solutions for complex business problems, including project leadership.
- Experience with multiple programming languages (such as Java, C++, Ruby, Python, Go, etc.)
- Experience in several of the following areas:
  - Security design and threat modeling
  - Security consulting and development of best practices, patterns and anti-patterns, secure-by-default solutions
  - Research of new security technologies
  - Automation: from prototyping new security tools, evaluating/validating existing security tools, automation, to supporting and improving existing product security tools: SAST, DAST, IAST, RASP, SCA, etc.
  - Systemic security issues: identifying, root cause analysis, designing security solutions, including project leadership
- Web application security experience:
  - Experience with web application vulnerabilities and mitigations beyond the OWASP Top 10
  - Expert in web browser security
  - Experience with federation protocols (SAML, OAuth)
- Network security experience:
  - Building network security architectures for complex global networks
  - Network and web related protocols such as TCP/IP, UDP, IPSEC, HTTP, HTTPS,
  - Routing protocols, such as BGP and route reflecto