Senior Application Security Engineer - Incident Investigation Oracle Oracle offers a comprehensive and fully integrated stack of cloud applications and cloud platform services. View company pageAs a Senior Application Security Engineer with a focus on Incident Investigation, you will be part of the Product Security team and work closely with NetSuite's SOC. You will be the Application Security expert in incident investigations, deep diving through logs and code to provide the best context to Incident Responders and the best remediation path to product teams. Your contributions will be key to securing multiple cloud services and promoting good security practices throughout Oracle.What You'll DoLead incident investigations, coordinating different teams and making sure there's a steady pace to the remediation of the events.Find new and strengthen existing detections by participating in and leading threat hunts.Participate in and lead purple team exercises on various applications to strengthen our detection and response capabilitiesDetermine the best strategy to remediate active security incidents in collaboration with Development and Security teams.Implement signature-based detections and mitigations within WAF and RASP solutions to secure our web applications.Build and manage tools/automation to improve our current workflows.Provide support to NetSuite's SOC with Application Security specific knowledge.Improve NetSuite's Incident Detection/Response mechanisms and streamline our internal processes.Cross-train and learn within and across focus groups.Perform proactive research to keep-up with the latest attacks and TTPs, and translate this into actionable input for our detection and response mechanisms.Collaborate with Application Security management on program direction, team growth, and addressing systemic security issues.Your Qualifications & Skills4+ years in the field of Software Development, Security Engineering or Incident Response .Experience using Logging tools like OpenSearch or Elastic.Knowledge on how to operate/implement a WAF.Application security and/or Software Development expertise.Incident Response expertise or desire to learn.Strong ethics and understanding of ethics in information security.Capable of working independently while supporting a team environment.Ability to efficiently manage multiple tasks.Strong communication skills in English both to technical and executive audiences.Nice to haveCapable of designing, improving and implementing complex workflows. [PB1]Familiarity with application security projects (e.g. OWASP Top 10), tools (e.g. ZAP, Burp), and how to build safer software.Recognized industry certification and/or continuing education programs are a major plus.Experience or familiarity with other Appsec activities: threat modeling, pen-testing, bug bounty, code reviews, capture the flag (CTF)...Contributions to open-source projects.Why Oracle NetSuite?Innovation starts with inclusion at Oracle NetSuite. We are committed to creating a workplace where all kinds of people can be themselves and do their best work. It's when everyone's voice is heard and valued that we are inspired to go beyond what's been done before. An Oracle NetSuite career can span industries, roles, countries and cultures, giving you the opportunity to tackle new roles and challenges, while blending work and life.Oracle NetSuite is the world's best cloud-based, multi-tenant ERP (Enterprise Resource Planning) service with unified financials, supply chain, order management, omnichannel e-commerce...all in one platform!We offer more than just a job!Agile environment – Start-up culture backed by a strong enterpriseEnglish-speaking environment and international teamStrong professionals around you that will help to accelerate your growthHigh-impact learning culture: free access to online learning platforms and regular in-house training sessionsPrivate medical insurance and life insuranceMany other benefits depending on the countryOracle NetSuite is an Equal Employment Opportunity Employer. We ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits of employment.#LI-Hybrid #LI-FF1As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's problems. True innovation starts with diverse perspectives and various abilities and backgrounds.When everyone's voice is heard, we're inspired to go beyond what's been done before. It's why we're committed to expanding our inclusive workforce that promotes diverse insights and perspectives.We've partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +1 888 404 2494, option one.Disclaimer:Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.* Which includes being a United States Affirmative Action EmployerExplore more InfoSec / Cybersecurity career opportunities Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.#J-18808-Ljbffr
