Oracle Senior Security Engineer (Code Review) – Software Security (Join OCI-SDE) in Troy, Michigan
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.
Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.
This is a remote/office based position which may be performed anywhere in the United States except for within the state of Colorado.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
Senior Security Engineer (Code Review) – Software Security
Cloud Engineering Infrastructure Development
At Oracle Cloud Infrastructure (OCI), we build the future of the cloud for Enterprises as a diverse team of fellow creators and inventors. We act with the speed and attitude of a start-up, with the scale and customer-focus of the leading enterprise software company in the world.
Values are OCI’s foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are constantly learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future.
You are the builder here. You will be part of a team of really smart, motivated, and diverse people and given the autonomy and support to do your best work. It is a dynamic and flexible workplace where you’ll belong and be encouraged.
We offer unique opportunities for smart, hands-on security engineers with the expertise and passion to solve difficult problems in distributed highly available services and virtual infrastructure. At every level, our engineers have a significant technical and business impact designing and building innovative new systems to power our customer’s business critical applications. Our customers run their businesses on our cloud, and our mission is to provide them with the most secure cloud services.
Who are we looking for?
We are looking for hands-on security engineers with expertise and passion in solving difficult security problems in distributed systems, multi-tenant services and large-scale infrastructures. If this is you, at Oracle Cloud you can help design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, and working on ambitious new initiatives. A security-focused engineer at any level can make significant technical and business impact.
Provide governance on design and code review process; advise and be a consultant to engineering teams
Perform application architecture and security code reviews; ensure comprehensive security control coverage
Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)
Review and validate automated testing results and prioritize actions based on overall risk
Perform manual source code review for security vulnerabilities; analyze source code to mitigate identified weaknesses and vulnerabilities within the system
Identify opportunities to automate and standardize information security controls
Write formal security assessment reports; identify and document all of the pertinent facts: how the application is accessed, what is the operational context of the application code, and what sorts of weaknesses have been introduced to application code in the past
Create verification reports that detail the application security architecture and the results of the verification
Document remediation recommendations required to harden the code
Work with the development team to validate that the issues have been resolved
Perform application performance fine tuning; help identify and fix performance bottlenecks
Support suite of enterprise security tools (network/platform scanners, web application scanners, asset discovery scanners, and source code security scanners) used in identifying vulnerabilities in software products and custom code on the network
Bachelor’s or Master’s degree in Computer Science or related field
4 years of experience performing security code reviews utilizing static and dynamic code scanning tools (HP Fortify, SonarQube, BurpSuite, WebInspect, IBM AppScan, etc.)
Expertise in application security and associated vulnerabilities
Experience using ALM and CI/CD tools like Bitbucket, TFS, Jenkins, uDeploy, BMC RLM or related tools in an agile methodology
Experience using commercial enterprise automated security testing tools such as AppScan Source, Fortify, Checkmarx, Veracode, Blackduck, Sonatype,
Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc.)
Job: Product Development
Title: Senior Security Engineer (Code Review) – Software Security (Join OCI-SDE)
Location: United States
Requisition ID: 210004FX