We are looking for an experienced Product Security/Application Security professional to help guide product security initiatives across Oracle SaaS products. This position is part of the SaaS Product Security Architecture and Assurance team under the SaaS Cloud Security organization, which is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day.
As a Product Security architect, you will be performing security reviews and providing hands-on help to development teams to address security issues systematically. We're looking for a passionate engineer who is able to consider business impact and risk to Oracle and its customers while dealing with any security issues. You will work as a trusted partner with one or more SaaS product development teams, while simultaneously collaborating with your peers in evolving or creating new security patterns or standards to address any security issues/gaps in an efficient way. You will research the product security landscape and help steer product security architecture for solutions that will provide a competitive edge for Oracle SaaS.
This position requires strong product security and application security experience. Past experience working in or with product development teams is highly valuable.
Key Responsibilities:
- Work closely with development teams for SaaS products and provide security expertise and guidance
- Ensure compliance with Oracle Software Security Assurance (OSSA) Standards
- Analyze and triage security issues and risk, and deploy mitigations or fixes quickly
- Perform security design reviews for SaaS Products
- Review and assess security posture and CVEs in third-party libraries or products
- Focus on specific SaaS products to understand detailed architecture and identify problem areas
- Perform source code reviews for vulnerability fixes
- Write code to demonstrate proof of concept for fixing security issues
- Propose systematic solutions to address industry trends and specific security challenges
- Influence and create new security standards, patterns, or processes
- Promote a DevSecOps culture while working with development teams
Qualifications:
- Bachelor's degree in Computer Science or related field
- 8+ years of experience in information technology, including 5+ years in product security
- Expert knowledge of modern vulnerability types and threats
- Hands-on experience with programming languages such as Java, Python, etc.
- Experience with industry-standard frameworks (OWASP, MITRE, NIST, PCI, FedRAMP, etc.)
- Excellent written and verbal communication skills
Preferred Experience:
- Experience as a Security Lead or Lead Security Point of Contact (SPOC)
- Understanding of Oracle Software Security Assurance (OSSA) Standards
- Experience in developing or supporting cloud/enterprise security products