Oracle
Senior Principal Application Security Engineer, Oracle Payments
Oracle, Hartford, Connecticut, US, 06112
Job Description
Senior Principal Application Security Engineer, Oracle Payments
Location: United States
Travel: 25%
No visa sponsorship is available for this position.
You have a passion for payments and are driven to apply your creative problem-solving skills to complex challenges. You are a highly motivated self-starter who communicates efficiently across geographic and cultural boundaries and influences at all levels within a company. As a results- and goal-oriented professional, you work independently in a sophisticated and dynamic environment.
Sound familiar? Here’s your chance to be part of a tight-knit global team at one of the world’s leading tech companies.
The Role
As part of the Oracle Payments Team, the Security Lead is responsible for reducing security assurance risk. You will lead the security practice to drive the culture in the organization and ensure that all activities are effective at avoiding, mitigating, finding and fixing vulnerabilities.
The SPOC is considered the security expert for the component team and as such, is the central security resource to the team. The SPOC is a key player and has significant responsibilities during each product release cycle. These security compliance activities are not a one-time occurrence but are ongoing and carry through every product release.
Career Level - IC5
Responsibilities
Essential Functions
As a member of the software engineering team, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.
Monitor, develop, and maintain enterprise security tooling program including Security Information and Event Management (SIEM), Endpoint Protection, and Web Application Firewalls in both an engineering and analyst capacity.
Participate in security project tasks on an as needed basis and interact directly with security organizations and multiple Lines of Business globally.
Work directly with system owners to implement security controls and configure security tools to meet a variety of requirements.
Build relationships with other compliance and regulatory teams to assess and incorporate security and compliance requirements into our development processes.
Lead the internal security review processes and provide guidance during design, development and release phases on security standards
Reduce risk by enhancing existing security tools and processes within the organization
Support for Reported Product Security Vulnerabilities - Have the skills to review code fixes of security bugs in their areas of responsibility
Technical Guidance for Ongoing Product Development - During the design phase, the Security Lead must ensure that product functional and design specifications include security considerations for every release
Security Community Activity Leadership - The Security Lead must coordinate the various security activities for the respective product family
Product Security Compliance - A major component of the Security Lead function is to identify and quantify security risks for management, especially product risks for customers and the consequential risks to the Oracle brand.
Participate in a Rotational On-Call schedule for Critical issues (we strive to make sure this is truly as rare as it can be)
Analyzes the impact that proposed features will have on the security of other components as well as the product overall.
Participates in design reviews of other components of the product to spot potential threats and risks to his/her component and the product overall.
Checks that core security modules are used (crypto, SSO, etc.); raises exceptions to GPS with explanation and justification if needed.
Uses threat analysis techniques to review and minimize the threat landscape and attack surface for the component, ensuring entry points/APIs are properly secured.
Conducts periodic code reviews to ensure the component’s security status is consistent with the design and with the Secure Coding Standards.
Monitor internal SecAlert announcements and external security web sites/mailing lists for new developments and emerging threats that may impact the component.
Tracks and reviews third party code that is used by the component and ensures that it is approved for use and the current version updated with available security patches.
Ensures adequate code analysis and security testing of the component is completed.
Read security alerts from partner vendors and act as necessary for the component.
Apply latest Critical Patch Updates and security fixes for underlying Oracle components.
Verify that publicly known security bugs in old releases of the component are fixed in the current release.
Ensure that security bugs are addressed; grant access to security bugs as needed for people to fix them.
Provide support to the GPS ethical hacking team if a product assessment is scheduled.
Have the skills to review code fixes in their areas of responsibility to ensure the fixes meet OSSA requirements
Ability to act as the “security mentor” and primary contact to the development team.
Ability to work with Release Management and QA teams (for major releases Release Management may involve the SPOC to get Security Bugs resolved in a timely manner).
Identify training opportunities and mentor team on best practices.
Working knowledge of security assurance practices, including secure development practices, security testing and tools, existing security vulnerabilities, and emerging threats.
Excellent communication skills to facilitate reviews and discussions across various teams.
The successful candidate will be able to demonstrate:
Related experience in an information security role, supporting security programs and security engineering/architecture in complex enterprise environments.
Hands on experience with enterprise security architecture, engineering and implementation (Networking, Endpoint, System Level Security) required.
Experience with at least one of the following enterprise-scale security platforms: SIEM, Antivirus, Endpoint Detection and Response
Strong experience in cloud computing and building secure environments in the cloud.
Experience in security aspects of multiple platforms, operating systems (Linux and Windows servers), software, communications, and network protocols
Understanding of networking protocols and infrastructure designs; including routing, network ports and protocols, host and network intrusion detection systems, encryption, load balancing, and other network infrastructure
Knowledge of security processes and technologies including threat detection, firewall functionality, security monitoring, and specific tools: SIEM, AV, IDS/IPS
Excellent communication skills, analytical ability, strong judgment and leadership skills, and the ability to work effectively with development management and staff.
Dedicated and self-driven desire to maintain knowledge of current security threats and countermeasures; enthusiastic team-member
Demonstrated solution-oriented business and compliance judgment.
Exceptional attention to detail.
Strong project management and organizational skills.
Excellent communicator both internally and externally, with ability to break down complex regulatory requirements into easy-to-understand and practical advice.
Travel Component: Approximately 25% travel within the United States and outside of the United States may be required to successfully fill this role.
Disclaimer:
Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.
Range and benefit information provided in this posting are specific to the stated locations only
US: Hiring Range: from $96,800 to $251,600 per annum. May be eligible for bonus, equity, and compensation deferral.
Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle’s differing products, industries and lines of business.
Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.
Oracle US offers a comprehensive benefits package which includes the following:
Medical, dental, and vision insurance, including expert medical opinion
Short term disability and long term disability
Life insurance and AD&D
Supplemental life insurance (Employee/Spouse/Child)
Health care and dependent care Flexible Spending Accounts
Pre-tax commuter and parking benefits
401(k) Savings and Investment Plan with company match
Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
11 paid holidays
Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
Paid parental leave
Adoption assistance
Employee Stock Purchase Plan
Financial planning and group legal
Voluntary benefits including auto, homeowner and pet insurance
The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.
About Us
As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s problems. True innovation starts with diverse perspectives and various abilities and backgrounds.
When everyone’s voice is heard, we’re inspired to go beyond what’s been done before. It’s why we’re committed to expanding our inclusive workforce that promotes diverse insights and perspectives.
We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.
Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.
We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +1 888 404 2494, option one.
Disclaimer:
Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.
* Which includes being a United States Affirmative Action Employer