Oracle Oracle offers a comprehensive and fully integrated stack of cloud applications and cloud platform services. As a Senior Application Security Engineer with a focus on Incident Investigation, you will be part of the Product Security team and work closely with NetSuite's SOC. You will be the Application Security expert in incident investigations, deep diving through logs and code to provide the best context to Incident Responders and the best remediation path to product teams. Your contributions will be key to securing multiple cloud services and promoting good security practices throughout Oracle.
What You'll Do
Lead incident investigations, coordinating different teams and making sure there's a steady pace to the remediation of the events.
Find new and strengthen existing detections by participating in and leading threat hunts.
Participate in and lead purple team exercises on various applications to strengthen our detection and response capabilities.
Determine the best strategy to remediate active security incidents in collaboration with Development and Security teams.
Implement signature-based detections and mitigations within WAF and RASP solutions to secure our web applications.
Build and manage tools/automation to improve our current workflows.
Provide support to NetSuite's SOC with Application Security specific knowledge.
Improve NetSuite's Incident Detection/Response mechanisms and streamline our internal processes.
Cross-train and learn within and across focus groups.
Perform proactive research to keep-up with the latest attacks and TTPs, and translate this into actionable input for our detection and response mechanisms.
Collaborate with Application Security management on program direction, team growth, and addressing systemic security issues.
Your Qualifications & Skills
4+ years in the field of Software Development, Security Engineering or Incident Response.
Experience using Logging tools like OpenSearch or Elastic.
Knowledge on how to operate/implement a WAF.
Application security and/or Software Development expertise.
Incident Response expertise or desire to learn.
Strong ethics and understanding of ethics in information security.
Capable of working independently while supporting a team environment.
Ability to efficiently manage multiple tasks.
Strong communication skills in English both to technical and executive audiences.
Nice to have
Capable of designing, improving and implementing complex workflows.
Familiarity with application security projects (e.g. OWASP Top 10), tools (e.g. ZAP, Burp), and how to build safer software.
Recognized industry certification and/or continuing education programs are a major plus.
Experience or familiarity with other Appsec activities: threat modeling, pen-testing, bug bounty, code reviews, capture the flag (CTF).
Contributions to open-source projects.
Why Oracle NetSuite?
Innovation starts with inclusion at Oracle NetSuite. We are committed to creating a workplace where all kinds of people can be themselves and do their best work. It's when everyone's voice is heard and valued that we are inspired to go beyond what's been done before.
Oracle NetSuite is the world's best cloud-based, multi-tenant ERP (Enterprise Resource Planning) service with unified financials, supply chain, order management, omnichannel e-commerce...all in one platform!
We offer more than just a job!
Agile environment – Start-up culture backed by a strong enterprise.
English-speaking environment and international team.
Strong professionals around you that will help to accelerate your growth.
High-impact learning culture: free access to online learning platforms and regular in-house training sessions.
Private medical insurance and life insurance.
Many other benefits depending on the country.
#J-18808-Ljbffr