Security Analyst 3

POSITION CONTEXT

Behind every mission-critical Cloud service is a sophisticated SaaS architecture supporting the largest companies in the world, employing the most advanced software engineering. We are proud to support those services and team with customers who depend on them, continually innovating and challenging the status quo. Our team environment is progressive, flexible, professionally challenging, rewarding, and fun.
We are looking for experienced security engineers to join our efforts in reshaping the cloud services landscape across industry verticals to revolutionize the delivery of Cloud Services to the world’s most critical organizations. The SaaS Cloud Security (SCS) organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day.
We are hiring Security analyst in Bangalore, India that can work in the areas of monitoring, detection and response to protect the Oracle SaaS environment. The team will be able to collectively cover the breadth and depth of: monitoring for Indicators of Compromise, being up to date with latest industry trends and Threat Intelligence, and escalating identified incidents for the attack remediation, evidence collection and forensics efforts.

RESPONSIBILITIES/TASKS

Monitoring of the MCS and Oracle SaaS security posture.
Ensure the confidentiality, availability and integrity of Oracle Cloud data and systems.
Respect and protect customer data.
Monitor security controls to detect and prevent infiltration of company systems and exfiltration of company data by adversaries.
Correlate data from disparate log sources to determine a baseline and generate alerts based on behavior based indicators.
Provide management with monitoring reports and trend analysis.
Triage security events and determine whether they must be escalated to SCS Detection and Response Team.
Support incident response efforts as an Oracle Cloud SOC Analyst through the monitoring of system events, utilization of security tools and application of SOC policies and procedures
Provide excellent customer service to Oracle Cloud Operations teams reporting policy violations, potential incidents, and requesting secrity solution support.
Perform other duties asassigned.

DESIRED QUALIFICATIONS:

University degree from an accredited college or university or equivalent experience or certifications.
Experience in information security and technical aspects.
Five or more years of experience in utilizing enterprise security solutions including but not limited to SIEM, security detection and response tools, and endpoint security products.
Ability to analyze attacker tactics, techniques, and procedures (TTPs)
Strong log analysis, deduction, analytical, and problem solving skills.
Self-starter and self-sufficient, doesn’t need to be micro-managed.
Excellent team player, willing to share knowledge and skills with peers.
Knowledge of Information Security standards and access controls such as ISO27001/2, PCI DSS, andother international standards.
Possess the ability to adjust and adapt to changing priorities in a dynamic environment.
Strong technical experience with Linux or similar Unix platforms (Oracle Linux, CentOS, RHEL, Solaris,BSD), macOS, and Windows.
Strong knowledge of Oracle systems and software.
Strong organizational skills and detail-orientation essential.
Strong presentation, written and verbal communication skills.
Knowledge of virtualization and scripting.

Detailed Description and Job Requirements
Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.

Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company*s firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.

Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.

Supports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.
Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.
Regulatory Compliance: assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.
Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.
Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.
Digital Forensics: May conduct data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.
Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.
Compiles information and reports for management.