Principal Security Engineer

Job Description

As a Principal Security Engineer at Oracle, you will develop and execute programs and processes aimed at reducing information security risk and strengthening Oracle’s overall security posture.

Responsibilities

This role supports the enhancement of Oracle’s security posture with a focus on one or more critical areas:

• Risk management
• Regulatory compliance
• Threat and vulnerability management
• Incident management and response
• Security policy development and enforcement
• Privacy
• Information security education, training, and awareness (ISETA)
• Digital forensics

Risk Management

Leverage advanced skills to assess information security risk across existing and proposed business operational programs, systems, applications, practices, and procedures within highly complex, business-critical environments. This includes conducting and documenting very complex information security risk assessments and assisting in the creation and implementation of security solutions and programs.

Regulatory Compliance

Apply advanced skills to manage programs for establishing, documenting, and tracking compliance with industry and government standards and regulations, such as ISO-27001, PCI-DSS, HIPAA, FedRAMP, and GDPR. You will research and interpret current and pending governmental laws, industry standards, and contracts to communicate compliance requirements to the business, and participate in industry forums to monitor developments in regulatory compliance.

Threat and Vulnerability Management

Utilize advanced skills to research, evaluate, track, and manage information security threats and vulnerabilities, often requiring in-depth analysis of ambiguous information.

Incident Management and Response

Bring advanced skills to respond to security events, identify possible intrusions, and respond in alignment with Oracle's incident response playbooks. This may include operating as an Incident Commander on serious incidents.

Digital Forensics

Conduct data collection, preservation, and forensic analysis of digital media independently, requiring an advanced understanding of forensic techniques.

Additional Focus Areas

Other areas of focus may include providing advanced skills and knowledge to manage Information Security Education, Training, and Awareness programs. In a Corporate Security role, you may manage the creation, review, and approval of corporate information security policies.

You will also mentor and train other team members and compile information and reports for management.

Qualifications

This is a Career Level - IC4 position, indicating an experienced individual contributor role.

Compensation and Benefits (US Specific)

The US hiring range is from $104,200 - $223,400 per year, with eligibility for bonus and equity. Oracle offers a comprehensive benefits package including medical, dental, and vision insurance, short-term and long-term disability, life insurance, 401(k) Savings and Investment Plan with company match, flexible vacation, 11 paid holidays, paid sick leave (72 hours annually, up to 112-hour cap), paid parental leave, adoption assistance, and an Employee Stock Purchase Plan.

About Oracle

Oracle integrates data, infrastructure, applications, and expertise to drive industry innovations and life-saving care, embedding AI across products and services to create a better future. The company fosters an inclusive workforce, offering competitive benefits and encouraging community involvement. Oracle is an Equal Employment Opportunity Employer committed to accessibility.

Key skills/competency

• Information Security Risk Management
• Regulatory Compliance (ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR)
• Threat and Vulnerability Assessment
• Incident Response & Management
• Digital Forensics
• Security Policy Development
• Information Security Education
• Mentorship & Training
• Security Solutions Implementation
• Advanced Security Analysis