Cloud Security Analyst

Position Overview 

This role will be responsible for the design and implementation of security for Oracle Cloud Security, the IaaS, PaaS and SaaS elements within it, and any associated automation tooling. 

The candidate will need to reference industry standard cloud security design patterns and apply them to existing DevOps processes in a fast-paced environment.  This role will leverage the candidate’s development expertise in the areas of CI/CD pipeline security, API integration, and automation.  Knowledge of more traditional security aspects like network security and operating systems will also be called upon. We are looking for someone who is passionate about security and is effective at engaging with peers to influence the right strategies that will protect the company’s information technology assets and data.

In addition, the role will be expected to maintain an Oracle CASB – a combined CASB and CSPM product.  The successful monitoring of Oracle security events and integration with SIEM/SOAR processes is crucial to the security of the Oracle environment.

 Qualifications

• Bachelor’s degree or equivalent experience

• Oracle Cloud Infrastructure (OCI) and/or Azure, AWS, or GCP compute, storage and network operational experience required

• Technical knowledge of Oracle ERP/EPM

• At least three years experience in security related technologies (i.e. antivirus, IDS/IPS, firewalls, SIEM, FIM, database monitoring, etc.)

• Excellent verbal and written communication skills required

• Familiarity with Information Security and regulatory frameworks and standards (i.e. CIS, NIST, MITRE, NERC ITIL, Cloud Security Alliance)

• Strong understanding of Linux operating system required

• Programming/Scripting Language experience strongly preferred (e.g. Python, Ruby, Perl, PowerShell)

• Experience with DevOps and Agile methodologies preferred

• Industry certification preferred (CISSP, CISA, GIAC, CCSP, Cloud provider certifications)

Job Responsibilities    

• Design and implement cloud security controls for Technology Organization in IaaS/PaaS and SaaS implementations
• Work with engineering and operations teams to implement threat detection signals, deploy new tooling and improve response capabilities both in cloud and on-prem environments
• Participate with developers to aide application security best practices within cloud environments
• Assess existing cloud implementations, identifying security issues and prioritizing fixes
• Use your experience with DevSecOps, CI/CD, containers and microservices to embed security into build and deployment processes
• Engage and empower Technology Organization personnel and other business units to understand and apply information security concepts to mitigate corporate risk
• Plan, coordinate and provide subject matter leadership on information security projects
• Help customers understand and apply information security concepts, processes and technologies
• Maintain current knowledge of information security concepts, technologies and practices
• Demonstrate company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment 

Job Requirements  

• United States citizenship is required

• Awareness of energy industry trends, opportunities and challenges

• Strong technical consulting experience; ability to understand business requirements and present appropriate solutions

• Ability to work independently or within a team

• Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions

• Basic budgeting, accounting and financial skills preferred

• Must pass NERC CIP & Insider Threat Protection background checks

• Occasional travel to local and regional locations in pursuit of the job duties and requirements.   

Our LARGE COMPANY CONFIDENTIAL CLIENT is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.