Information Security Sr. Manager - Threat and Vulnerability Management

Oracle Cloud Infrastructure

The Oracle Threat and Vulnerability Management (TVM) team proactively identifies, assesses, prioritizes, and relentlessly drives the remediation of security weaknesses and vulnerabilities at scale across the total enterprise. The TVM team performs security assessments, vulnerability research, guides and advises mitigation strategies, and coordinates the response to zero-day and other urgent vulnerabilities. We ensure the security of the software and hardware that runs our cloud and non-cloud infrastructure and strive for continuous improvement. As a team, we defend our customers and ensure Oracle meets or exceeds all applicable security and regulatory requirements in all markets.

Values our foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are constantly learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future. You can learn more about us by visiting https://cloud.oracle.com/cloud-infrastructure.

Are you interested in building large-scale distributed security systems and tools for the cloud? Do you enjoy all aspects of security, from end user devices and traditional information technology (IT), to hyperscale cloud and multicloud services, to hardware and operational technology (OT)? A security-focused leader can have significant technical and business impact. This is a unique opportunity to work with smart people to solve complex and industry-wide problems in distributed systems, security, and multi-tenant Infrastructure-as-a-Service (IaaS) at massive scale. The biggest challenges for the team is the dynamic and fast growth of the business, driving us to improve our systems, tools, and automation to scale to our security expertise several orders of magnitude greater than what we can support today. We understand that software is living and needs investment. The challenge is making the right tradeoffs, communicating those decisions effectively, and crisp execution. Come shape the future of one of the largest cloud services on earth with us!

Our ideal candidate is a hardworking and hands-on leader concerned with both security and building the best team possible, a passionate leader about security and furthering their knowledge every day as well as that of their team, and has previous experience working in the cloud or hardware industry.

This role is for a hands-on leader to drive day-to-day vulnerability assessments, deviation reviews, and remediation activities across cloud and non-cloud environments.

Responsibilities

• Leading a diverse set of personalities and talent
• Understanding the importance of a healthy and supportive team culture
• Support a culture of accountability, integrity, and high expectations
• Effectively communicate to anyone in the organization, from the most technical operator to senior leadership
• Maintain awareness of known vulnerabilities and work towards applying appropriate mitigations
• Guide and mentor security analysts and engineers as they perform vulnerability assessments
• Provide direction and advice on emerging threats, weaknesses, and security practices that may impact the security posture of Oracle
• Manage and lead the performance of vulnerability assessments and deviation reviews
• Be able to critically examine an organization and system through the perspective of a threat actor and articulate risks in clear, detailed terms
• Guide effective remediations and fixes in our cloud (including public, private, distributed, hybrid, and multi) and on-premise platforms and products

Qualifications

• 3+ years people management or technical lead experience
• 5+ years of software or systems engineering experience
• Must possess or have the ability to obtain and maintain a Security Check (SC) clearance (required).

• Strong overall business and communication skills, including executive presentation skills and eye for business
• Strong leadership and people management skills
• Understanding the importance of a balanced work approach to encourage team culture
• Strong knowledge of data structures, algorithms, operating systems, and distributed systems fundamentals
• Strong understanding of databases, NoSQL systems, storage and distributed persistence technologies
• Prior experience with distributed systems, cloud computing, and IaaS
• Prior experience with security
• Understanding of security vulnerabilities and mitigation strategies
• Programming and debugging fundamentals in languages/interfaces, such as Python, Java, Go, etc.

Preferred Qualifications

• Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI)
• Proven ability to drive culture and behavioral change within engineering organizations
• Strong knowledge of compliance program security controls, like ISO 27001, SOC 2, HITRUST, FedRAMP, and UK Cyber Essentials as applied to cloud SaaS, PaaS, and IaaS operations.
• Experience building continuous integration/deployment pipelines with robust testing and deployment schedules
• Experience working with internal customers and translating requests into prioritized work or features
• Expertise in applying risk identification techniques to develop security solutions
• Experience and understanding of cryptographic algorithms, standards, implementation and application
• Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software
• Experience working with large enterprise customers
• The ideal candidate posseses or has the ability to obtain and maintain a Developed Vetting (DV) clearance.