Job description
Security Analyst As a member of the Software Assurance organisation, you will assist with the security program for the organisation, being responsible for internal security, interacting with multiple teams in developing new processes and procedures based on security standards. You will grow while assisting our team members to achieve outstanding results. You will join a collaborative atmosphere to enable buy-in into security processes and cross-team collaboration. You realise there are always opportunities for improvement, you take on feedback from team members and introspect to raise the bar for yourself and our organisation. You are comfortable with ambiguity, exploring new systems, and making the team shine. You will engage in technical discussions with security researchers, analysts, and engineers. You will be conducting and documenting very highly complex information security risk assessments, or creating and implementing security solutions and processes, or researching and interpreting current and pending governmental laws and regulations, industry standards and customer or vendor contracts to communicate compliance requirements to the business. Who We Are We are a world class team of high calibre application security researchers and analysts who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on a critical greenfield software assurance project collaboratively with our cloud and mobile engineering teams. The Software Assurance organisation has the mission to make application security and software assurance, at scale, a reality. We are a dedicated team, leveraging each other’s insights and abilities to produce cutting edge solutions to difficult problems through automation and CI/CD. Join us to grow your career and create the future of software assurance at scale together. Responsibilities Assess Information Security risks associated with existing and new business operations, systems, applications, and procedures in a complex business-critical environment. Assist in security assessments, documentation, and implementation of security solutions, policies, processes, and programs. Assist IT teams with maintaining an operational state of compliance with IT standards to successfully support security researcher, analyst, and engineering work efforts. Review daily video feeds for unauthorised personnel, unauthorised use, or unacceptable behaviour to maintain compliance with the operating protocols. Track non-compliance with the operating protocols in the controlled access facility for reporting identified risks, impacts, remediation activities, and timelines to leadership. Assist in the maintenance and securing of the asset inventory and conduct daily audits to identify variances from the previous audit and/or the authoritative inventory, document findings, investigate with IT, and report to leadership. Conduct routine badge access audits to enforce access standards, monitor for anomalies, document findings, and report to leadership. Collaborate with facility resources and physical security to audit and maintain badge profiles to ensure compliance with policies and procedures. Monitor and maintain attendance in a monitored facility and report to leadership. Conduct user access audits across multiple technologies and coordinate remediation with technology owners to maintain compliance. Collaborate across multiple organisations on routine reviews of facility operating policies and procedures and append changes in the operating environment to the documentation. What You’ll Bring Bachelor’s degree with 2+ years of relevant work experience. Full-time in our Reading office. Experience performing risk assessments and/or security audits. Familiarity with NIST 800-53. Experience working in controlled access facilities and executing operating protocols. Ability to succeed through collaboration and working through other internal and external organizations and individuals. Ability to learn quickly and maintaining a positive, can-do attitude. Ability to apply independent and sound business judgment to solve complex issues. Works independently with minimal supervision required. Willingness to help with physical security duties. What We’ll Give You A team of very skilled and diverse personnel across the globe. Exposure to mind blowing large-scale cutting-edge systems. The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day. Develop new skills and competencies working with our vast cloud product offerings. Ongoing extensive training and skills development to further your career aspirations. Incredible benefits and company perks. An organisation filled with intelligent, enthusiastic, and motivated colleagues. The opportunity to impact and improve our systems and delight our customers. An Oracle career can span industries, roles, Countries and cultures, giving you the opportunity to flourish in new roles and innovate, while blending work life in. Oracle has thrived through 40+ years of change by innovating and operating with integrity while delivering for the top companies in almost every industry. In order to nurture the talent that makes this happen, we are committed to an inclusive culture that celebrates and values diverse insights and perspectives, a workforce that inspires thought leadership and innovation. Oracle offers a highly competitive suite of Employee Benefits designed on the principles of parity, consistency, and affordability. The overall package includes certain core elements such as Medical, Life Insurance, access to Retirement Planning, and much more. We also encourage our employees to engage in the culture of giving back to the communities where we live and do business. At Oracle, we believe that innovation starts with diversity and inclusion and to create the future we need talent from various backgrounds, perspectives, and abilities. We ensure that individuals with disabilities are provided reasonable accommodation to successfully participate in the job application, interview process, and in potential roles. to perform crucial job functions. That’s why we’re committed to creating a workforce where all individuals can do their best work. It’s when everyone’s voice is heard and valued that we’re inspired to go beyond what’s been done before. Oracle is an Equal Employment Opportunity Employer * . All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. * Which includes being a United States Affirmative Action Employer Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document basic information security risk assessments. May assist in the creation and implementation of security solutions and programs. Regulatory Compliance: assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Assist with research and interpretation of current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required. Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. Digital Forensics: Assist with data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required. In a Corporate Security role, may assist with the creation, review and approval of corporate information security policies. Compiles information and reports for management. Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document basic information security risk assessments. May assist in the creation and implementation of security solutions and programs. Regulatory Compliance: assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Assist with research and interpretation of current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business. Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required. Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks. Digital Forensics: Assist with data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required. In a Corporate Security role, may assist with the creation, review and approval of corporate information security policies. Compiles information and reports for management.