Principal Security Engineer (Vulnerability Management)

Do you have a passion for high scale services and working with some of Oracle's most critical customers? We are seeking an experienced, passionate, and talented cyber security engineer with a deep interest in vulnerability management and cloud security. This position is designed for technical security engineers adept at navigating the complexities of cloud security and leading efforts to increase security posture. In this key role, you will critically assess security architecture decisions, and lead the charge in secure planning, development, and coordination. Your expertise will guide the team through intricate cloud security challenges, ensuring our defences are both robust and adaptable.

Who We Are

We are a world-class team of high calibre application security researchers and engineers who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on a critical Greenfield software assurance project collaboratively with our cloud and mobile engineering teams. The Software Assurance organization has the mission to make application security and software assurance, at scale, a reality. We are a dedicated team, leveraging each other’s insights and abilities to produce cutting edge solutions to difficult problems through automation and CI/CD. Join us to grow your career and create the future of software assurance at scale together.

What You’ll Bring

• A minimum of 8 years of experience in the cybersecurity field, with a focus on vulnerability management, cloud security, and security architecture analysis.
• Strong understanding of vulnerability management processes, remediation workflows, and validation of security findings.
• Experience designing and managing security metrics, dashboards, and reporting for technical and leadership audiences.
• Proven expertise in cloud architecture and security principles, and a thorough understanding of risk management frameworks.
• Hands-on experience integrating data from security tools.
• Proficiency in developing and implementing security policies and procedures within cloud environments to safeguard against potential threats.
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff.
• Excellent organizational, presentation, verbal, and written communication skills.
• Must be legally authorized to work in the UK without the need for employer sponsorship, now or at any time in the future.

Work You’ll Do

As a member of our team, your days will be dynamic and filled with impactful work. You’ll be at the forefront of developing strategies to protect cloud-based systems and services. Your role is pivotal in navigating the evolving landscape of cloud security, where each day brings new challenges and opportunities for innovation. Each project presents a new set of challenges, whether it’s tailoring security solutions for Oracle’s critical customers, or navigating the complexities of global compliance requirements. Additional responsibilities include:

• Develop and refine new or updated vulnerability management and other technical policies and procedures.
• Design, develop, and maintain security metrics and KPIs to measure the effectiveness, maturity, and progress of technical security programs.
• Partner with the SOC, Oracle Cloud Infrastructure (OCI), Offensive Security, and other stakeholders to prioritize and validate the impact of suspected vulnerabilities.
• Advise customers on mitigation strategies and compensating controls while providing accurate and timely reporting that informs remediation progress.
• Validate remediation actions to ensure vulnerabilities are fully resolved.
• Engage in cloud security architecture, design and implementation, providing expert guidance to ensure secure development and deployment practices.
• Focus on continuous process improvement while developing and refining security protocols and response strategies, ensuring they align with current best practices and regulatory requirements.
• Collaborate with OCI and other internal teams to enhance customer security posture.
• Play a key role in design consultations, facilitating meaningful involvement of the security team in project lifecycles and decision-making processes.
• Stay current on emerging threats, vulnerabilities, and industry trends.

Nice to Have

• Experience automating metrics pipelines using scripting, APIs, or business intelligence platforms.
• Familiarity with regulatory frameworks (e.g., NIST, ISO 27001, CIS) and how they influence security metrics.
• Prior experience working closely with IT operations, application teams, and others to support remediation and reporting efforts.

What We’ll Give You

• A team of very skilled and diverse personnel across the globe.
• Ability to work in a flexible work from home arrangement.
• Exposure to mind blowing large-scale cutting-edge systems.
• The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day.
• Develop new skills and competencies working with our vast cloud product offerings.
• Ongoing extensive training and skills development to further your career aspirations.
• Incredible benefits and company perks.
• An organization filled with smart, enthusiastic, and motivated colleagues.
• The opportunity to impact and improve our systems and delight our customers.