Oracle Security Operations Engineer in Bristol, United Kingdom
Security Operations Engineer
The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment.
OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world’s biggest challenges.
We offer unique opportunities for smart, hands-on engineers with the expertise and passion to solve difficult problems in distributed, highly available services and virtualized infrastructure. At every level, our engineers have a significant technical and business impact designing and building innovative new systems to power our customers' business-critical applications.
Are you interested in securing large-scale distributed infrastructure for the cloud? Oracle's Cloud Infrastructure team is building its next generation Cloud IaaS/PaaS/SaaS technologies that operate at high scale in a broadly distributed multi-tenant environment. Our customers run their businesses on our cloud, and our mission is to provide them with best-in-class and most secure foundational cloud networking services.
* SC clearance required
Our team designs, engineers and operates the security for our premier cloud services. We are reimagining the traditional enterprise thinking of security and creating an environment suitable for the most demanding and security-conscious customers in the world.
We are looking for diversely skilled, high-performing Cloud Security Engineers to help us continue to push the boundaries of what can be accomplished in both the current and the next generation of Oracle cloud services. The ideal candidates will have proven experience across a combination of security disciplines including: Security Operations & Monitoring, Threat Hunting and Detection Development, Security Incident Response, Digital Forensics, Threat and Vulnerability Management and SIEM Systems Engineering.
Develop and deploy security detections, dashboards and reports on a variety of SIEM and Security platforms for identifying threats, suspicious activity and intrusions.
Triage and investigate triggered detections by conducting analysis across a variety of application, network and host-based security log sources, both via various SIEM interfaces (Splunk, Elasticsearch, SUMO) and through in-depth live analysis of potentially compromised hosts.
Assist with defining, developing and implementing new processes and procedures for improving operations across all supported security functions; Detections & Analytics, Incident Response, Digital Forensics, TVM and SIEM Engineering.
Conduct complete end-to-end system forensic analysis of compromised hosts in support of high severity intrusion incidents; Perform Memory and Disk Acquisition, Live Analysis, Memory Forensics, Disk Forensics, Network Forensics, Forensic Report Writing whilst maintaining chain of custody.
Develop internal security, triage, investigation and forensic tooling in support of automating and streamlining workloads across all supported security functions and for overall improvement of our security detective capabilities.
Command complex and high severity security incidents, involving engagement across multiple business units, to a clear and complete resolution.
Design, develop, deploy and manage a complete security infrastructure pipeline to include SIEM and log management infrastructure and tooling (Splunk, ELK, ArcSight) as well as log data ingestion, aggregation, indexing, filtering and parsing.
Co-ordinate end-to-end TVM engagements; leverage industry standard scanning and vulnerability identification tooling, collaborate with Offensive Security teams and perform Attack Vector Modelling to effectively identify, confirm, evaluate and remediate critical vulnerabilities.
Qualifications & Experience:
BSc in Information Security, Cyber Security, Digital Forensics, Computer Science / Engineering or a demonstrable equivalent.
3 years minimum experience across two or more of the following related disciplines; Information Security, Incident Response, Digital Forensics, Security Operations, Security Engineering, Site Reliability \ SIEM Engineering, Threat & Vulnerability Management.
Proven ability to write clear, concise and efficient code and scripts for automating and streamlining security, triage, investigation and forensic tasks using Python, BASH, Go, Perl.
An exceptionally strong and deep technical understanding and comfort of working with Linux systems and Linux internals.
Proven ability to communicate clearly, effectively and professionally with all levels of the organization; strong written and verbal communication skills will be important to be successful in this role.
A clear understanding of Security Incident Response processes and procedures realised through previous professional experiences of commanding complex and high severity security incidents to clear resolution through all phases of the incident response life cycle.
A clear and demonstrable understanding of, and the ability to emulate, various advanced adversary tactics and methods; to include reconnaissance, exploitation, privilege escalation, persistence, lateral movement and exfiltration.
Ability to distil various advanced adversary tactics and methods, offensive security findings and vulnerability findings into high confidence and high-fidelity detections for deployment across multiple SIEM platforms (Splunk, ELK); Proficiency and experience in writing complex detections in Elasticsearch QueryDSL very desirable.
Demonstrable ability to plan and conduct complete end-to-end system forensic engagements; Including the ability to perform Memory and Disk Acquisition, Live System Analysis, Memory Forensics, Disk Forensics, Network Forensics, Forensic Report Writing.
Ability to demonstrate experience with the following forensics tools would be favourable; X-Ways, Volatility, fmem, LiME, TSK, FTK, DD, DFF, Bulk-Extractor, Foremost\Scalpel, Wireshark, Xplico, Capstone.
Ability to demonstrate experience with building, deploying and managing the following SIEM and log management platforms would be favourable; Splunk, ArcSight, Elasticsearch\ELK Stack.
Previous experience working as part of a large global security operations and Incident Response team in a large cloud or Internet software company desirable.
Detailed Description and Job Requirements
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
As a member of the software engineering division, you will assist in defining and developing software for tasks associated with the developing, debugging or designing of software applications or operating systems. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs.
Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise. May have project lead role and or supervise lower level personnel. BS or MS degree or equivalent experience relevant to functional area. 4 years of software engineering or related experience.
As part of Oracle's employment process candidates will be required to successfully complete a pre-employment screening process. This will involve identity and employment verification, professional references, education verification and professional qualifications and memberships (if applicable).
Job: Product Development
Location: GB-GB, UK-Bristol
Job Type: Regular Employee Hire