At Oracle Cloud Infrastructure (OCI), we build the future of the cloud for Enterprises. We act with the speed and attitude of a start-up along with the scale and customer focus of the leading enterprise software company in the world.

About the team:

EES Security and Compliance team defines and measures baseline standards using existing internal policies and industry standards such as CIS and SANS. The team creates tools to proactively detect gaps with baseline compliance that improve security operations (scan failure, asset management gaps, configuration drift, etc.) and drive resolution. Technical liaisons for EES teams to analyze and prioritize vulnerabilities, compliance gaps, and security programs. Provides solution guidance to optimize remediation efforts, assist with exception requests, and resolve any process inefficiencies.

Ideally, the candidate will possess several of the following skills:

• Security Compliance and Auditing: Knowledge of regulatory compliance requirements (e.g., GDPR, HIPAA, PCI, DSS, NIST) and experience with security auditing frameworks and processes
• Cloud Security: Familiarity with cloud security principles and best practices, including securing cloud infrastructure, services, and applications in platforms, OCI is a plus
• Patch management and vulnerability remediation experience for Linux and Windows systems using automation tools such as Ansible, Chef, and Puppet
• Security Architecture: Ability to assess, design, and implement security architectures, including network segmentation, secure access controls, and defense-in-depth strategies
• Forensics and Incident Response: Experience in conducting digital forensics investigations and leading incident response activities, including evidence collection, analysis, and containment
• Communication and Leadership: Strong leadership, interpersonal, and communication skills, with the ability to effectively communicate security-related concepts and findings to stakeholders at all levels of the organization
• Continuous Learning and Improvement: Commitment to continuous learning and professional development in the field of cybersecurity, staying updated with the latest threats, trends, and technologies

Qualifications:

• Bachelor's degree in Computer Science, Information Security, or a related field. Master's degree preferred
• 8 years of experience in information systems, business operations, or related fields,
• 3 years of experience in security operations, with a focus on incident detection, response, and vulnerability remediation
• Experience with at least 1 automation language or framework (Python, PowerShell, Terraform, etc.) or vulnerability scanning tool (Qualys, Nessus, etc.)
• Strong understanding of networking protocols, operating systems (Linux, Windows), MiddleTier, Database, and cloud computing environments
• Experience with security tools such as SIEM platforms, intrusion detection/prevention systems, and endpoint security solutions
• Relevant certifications such as CISSP, CISM, CISA, or GIAC certifications are preferred
• Excellent communication skills with the ability to effectively communicate technical concepts to both technical and non-technical stakeholders
• Proven leadership abilities with experience leading security projects and initiatives
• Ability to work independently and collaboratively in a fast-paced environment
• Strong analytical and problem-solving skills with a keen attention to detail