Senior Cloud Security Engineer

Location: Agadir 

#LI-Onsite

The Local Government Global Industry Unit (LGGIU) is an organization within Oracle that is building modern SaaS solutions for a future-forward government and we are seeking security specialists who have a genuine excitement and interest in being part of a collaborative team dedicated to providing industry leading cyber security and compliance to the public sector.

Responsibilities:

Responsibilities

• Responsible for basic planning, design and build of security systems, applications, environments and architectures; oversees the implementation of security systems, applications, environments and architectures and ensures compliance with information security standards and corporate security policies and procedures.
• Assist in development of incident response capabilities, training, and tool validation.
• May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required and where computer programming/scripting knowledge is required.
• May participate in an incident management team, responding to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis.  Coordinates incidents with other business units and may assist the Incident Commander during serious incidents. 
• Participates in developing new methods, and playbooks, as well as basic scripts, applications, and tools.
• Research industry trends and constantly assess current controls and threat posture of new and existing products and services.
• Recommend and implement new security controls across Oracle’s line of business (LOB).
• Improve current processes and workflows to minimize manual efforts.

Qualifications

• Application security experience, preferably in a large multi-team, geo-diverse corporate environment.
• Professional, hands-on experience in securing SaaS workloads in public cloud platforms, preferably in Oracle Cloud Infrastructure.
• Strong understanding of application security concepts and best practices (e.g. Principle of Least Privilege, Defense In Depth, Separation of Duties, etc.).
• Strong understanding of secure development life cycle best practices.
• Proficiency in developing small utility applications in a high-level language such as Python, Java or equivalent.
• Solid understanding of architecture, networking, and modern cloud security controls (WAF, Bastion, IAM, Network Isolation, KMS, etc).
• Experience with cyber threats, malicious cyber threat actor motivations, and capabilities.
• Experience with modern, containerized cloud-native application design, deployment, and operations.
• Experience with threat research, vulnerability analysis, risk assessment, CVSS scoring, and Common Vulnerabilities and Exposures (CVE).
• Experience with cloud security analysis, threat modeling, and offense security methods and techniques.
• Experience with securing Linux, Container Runtimes, Kubernetes, and CI/CD pipelines.
• Ability to read and understand source code in Java, Python, Golang, or equivalent languages.
• Ability to effectively interact with non-technical staff in articulating technical material in business terms.
• Ability to engage with other internal and external groups to get and share information to improve processes and security posture.
• Strong communication, presentation, documentation, and analytical skills.
• Demonstrated experience in solving complex challenges.
• Intellectually curious and therefore remain abreast of new technologies and developments relating to cloud security in the local government sector.