Senior Security Engineer (Code Review) Software Security
Cloud Engineering Infrastructure Development
At Oracle Cloud Infrastructure (OCI), we build the future of the cloud for Enterprises as a diverse team of fellow creators and inventors. We act with the speed and attitude of a start-up, with the scale and customer-focus of the leading enterprise software company in the world.
Values are OCI's foundation and how we deliver excellence. We strive for equity, inclusion, and respect for all. We are committed to the greater good in our products and our actions. We are constantly learning and taking opportunities to grow our careers and ourselves. We challenge each other to stretch beyond our past to build our future.
You are the builder here. You will be part of a team of really smart, motivated, and diverse people and given the autonomy and support to do your best work. It is a dynamic and flexible workplace where you'll belong and be encouraged.
Who are we looking for?
We are looking for hands-on security engineers with expertise and passion in solving difficult security problems in distributed systems, multi-tenant services and large-scale infrastructures. If this is you, at Oracle Cloud you can help design and build innovative new systems from the ground up. These are exciting times in our space - we are growing fast, and working on ambitious new initiatives. A security-focused engineer at any level can make significant technical and business impact.
- Provide governance on design and code review process; advise and be a consultant to engineering teams
- Perform application architecture and security code reviews; ensure comprehensive security control coverage
- Perform Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST)
- Review and validate automated testing results and prioritize actions based on overall risk
- Perform manual source code review for security vulnerabilities; analyze source code to mitigate identified weaknesses and vulnerabilities within the system
- Identify opportunities to automate and standardize information security controls
- Write formal security assessment reports; identify and document all of the pertinent facts: how the application is accessed, what the operational context of the application code is, and what sorts of weaknesses have been introduced to application code in the past
- Create verification reports that detail the application security architecture and the results of the verification
- Document remediation recommendations required to harden the code
- Work with the development team to validate that the issues have been resolved
- Perform application performance fine tuning; help identify and fix performance bottlenecks
- Support suite of enterprise security tools (network/platform scanners, web application scanners, asset discovery scanners, and source code security scanners) used in identifying vulnerabilities in software products and custom code on the network
- Bachelor's or Master's degree in Computer Science or related field
- 4+ years of experience performing security code reviews utilizing static and dynamic code scanning tools (HP Fortify, SonarQube, BurpSuite, WebInspect, IBM AppScan, etc.)
- Expertise in application security and associated vulnerabilities
- Experience using ALM and CI/CD tools like Bitbucket, TFS, Jenkins, uDeploy, BMC RLM or related tools in an agile methodology
- Experience using commercial enterprise automated security testing tools such as AppScan Source, Fortify, Checkmarx, Veracode, Blackduck, Sonatype,
- Knowledge of cloud computing concepts and DevOps tools (OpenShift, Kubernetes, Docker, Chef, etc.)
As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.
Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.
If you are a Colorado resident, please contact us or email us at firstname.lastname@example.org to receive compensation and benefits information for this role. Please include this Job ID: 210004FW in the subject line of the email.
Innovation starts with inclusion at Oracle. We are committed to creating a workplace where all kinds of people can be themselves and do their best work. It’s when everyone’s voice is heard and valued, that we are inspired to go beyond what’s been done before. That’s why we need people with diverse backgrounds, beliefs, and abilities to help us create the future, and are proud to be an affirmative-action equal opportunity employer.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status, age, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.