Principal Security Data Analyst

Oracle’s Software Assurance organization has the mission to make application security and software assurance, at scale, a reality. We are a diverse and inclusive team of architects, researchers, and engineers, combining our unique perspectives and expertise to create secure and innovative solutions to complex challenges. With the resources of a large enterprise and the agility of a start-up, we are working on a greenfield software assurance project.

We are seeking a Security Data Analyst to join our team. This role will combine data analysis, security research, and development skills where you will be responsible for designing and developing a platform capable of analyzing large datasets for security and compliance requirements. You will leverage your expertise in cybersecurity to proactively identify and address emerging threats, ensuring that secure coding practices are seamlessly integrated into every stage of development.

What You’ll Bring

• Bachelor’s degree in computer science, Engineering, or a related field (or equivalent work experience).
• 5+ years of experience in software/platform development/engineering from front end (web), mobile, back end, ad tech, or analytics dataflows backgrounds.
• Extensive experience in dataflows, or similar roles in data management with proven experience building automated and scalable platforms for data-intensive applications.
• Experience with navigating and handling large data sets and the ability to design and implement scalable and maintainable systems.
• Strong background in API development and associated architectural patterns such as REST or gRPC.
• Programming experience in Python, Go, Java, or similar.
• Experience with data science concepts such as data preparation, exploration, modelling and the ability to apply this process when handling structured or unstructured data.
• Confident with using common data science tooling such as Jupyter notebooks, pandas, matplotlib, seaborn, numpy.
• API testing and security tools: Postman, Burp Suite, OWASP ZAP, etc.
• Strong knowledge of database management systems (DBMS) such as MySQL.
• Hands-on experience with security and compliance frameworks and standards.
• Knowledge of performance optimization techniques for mobile applications, including memory, CPU and network efficiency.
• Excellent problem-solving and analytical skills.
• Strong collaboration and communication skills, with the ability to work in cross functional teams and explain complex technical concepts to non-technical stakeholders.

Nice to Have:

• Experience with OCI cloud-based services.
• Experience with machine learning or AI in security applications.
• Experience in Agile methodologies and using project management tools like JIRA and confluence.
• Knowledge of Software Assurance programs.

Responsibilities:

• Architect and develop a secure, high-performance platform to ingest, parse, and analyze large volumes of API data stored in a MySQL database.
• Work closely with internal and client teams to analyze, define and implement data rules and data flows, translating these into an auditable tool.
• Scope and execute threat analysis to research, evaluate, track, and manage information security threats and vulnerabilities in data flows.
• Ensure the tooling is secure by collaborating with architects and security teams to implement best practices for compliance, data privacy, and protection, while integrating tools and frameworks to assess APIs against OWASP and other relevant security standards (NIST, ISO-27001, PCI-DSS, HIPAA, FedRAMP).
• Automate security and compliance controls into the platform for continuous monitoring and reporting.
• Execute MySQL queries to ensure data integrity and consistency.
• Create intuitive dashboards and reports for stakeholders.
• Create tools to help engineering teams identify security-related weaknesses.
• Stay up to date with the latest trends and technologies, contributing to ongoing improvements of platform architecture and best practices.
• Maintain clear, comprehensive documentation on the platform architecture, services, and technical decisions to support internal teams and future development.
• Mentor junior engineers and provide technical guidance.