Security Architect

Security Architect at Oracle

As a Product Security architect, you will be performing security reviews and providing hands-on help to development teams to address security issues systematically. We're looking for passionate engineer who is able to consider business impact and risk to Oracle and its customers while dealing with any security issues. You will work a trusted partner with one or more SaaS product development teams, while simultaneously collaborating with your peers in evolving or creating new security patterns or standards to address any security issues/gaps in an efficient way. You will research the product security landscape and help steer product security architecture for solutions that will provide a competitive edge for Oracle SaaS.

This position requires strong product security and application security experience. It will be highly valuable to have past experience in working in or with product development teams.

Responsibilities

• Evaluate existing and proposed SaaS Service architectures and perform security architecture reviews, threat modeling, risk assessment and provide guidance on mitigating the security risks.
• Partner and collaborate with development teams for SaaS products and provide security expertise to product design conversations and implementation decisions.
• Work with product teams and peers in security operations to analyze and triage security issues in production and deploy any mitigation such as WAF policies.
• Review and assess security posture and CVEs in third party libraries or products.
• May perform source code review for vulnerability fixes by development teams.
• Keep up to date on emerging threats and standards and translate into actionable guidance including but not limited to crypto, AI Security, Identity, Web security, multi-tenant deployment.
• Evolve security processes and integrate security architecture into SDLC leveraging AI and automation, as appropriate.
• Engage in technical discussions, as needed and serve as a subject matter expert for security architecture and trusted advisor to executive leadership and key stakeholders.
• Define and influence secure-by-design architecture standards, security patterns, and reference implementations for SaaS Services.
• May train and mentor team members.

Qualifications

• 7+ years of information security experience including product security, application security, security testing/offensive security, security tools and security architecture.
• Experience in helping or leading a product security architecture and assurance effort in a large-scale IaaS/PaaS/SaaS Cloud Service Provider, or Fortune 500 company.
• Expert knowledge of modern vulnerability types and threats including intelligence, discovery, mitigation, remediation, and root cause.
• Understanding of security risks in AI based solutions including AI Agents, MCP, Generative AI and ML.
• Hands-on experience with at-least one programming languages such as Java, Python.
• Hands-on experience and knowledge of product development lifecycle in a large enterprise software company.
• Understanding of industry standard frameworks such as OWASP, MITRE, NIST, PCI, FedRAMP, etc.
• Ability to guide and engage individuals and development teams located across multiple geographies and or cultures.
• Knowledge of Oracle Cloud Infrastructure or Oracle SaaS Services is a plus.
• Excellent written and verbal communication skills, strong analytical and problem-solving skills.

Key skills/competency

• Product Security
• Application Security
• Threat Modeling
• Risk Assessment
• SaaS Security
• Cloud Security
• SDLC Security
• Vulnerability Management
• AI Security
• Java/Python Development