Austin, TX, USA
24 days ago
Oracle NetSuite Principal Security Engineer, Threat and Vulnerability Management

NOTE: This position will be located at our Austin, TX Headquarters. This is a flex position requiring 3 days a week in office. There is NO sponsorship for this role.

Overview

As part of OracleNetSuite’s Threat and Vulnerability Management Team, the Principal Security Engineer plays a crucial role in the identification, analysis, reporting, and remediation of security vulnerabilities across several NSGBU product lines.

Responsibilities

Continuously monitor emerging threats and vulnerability disclosures to proactively identify and assess potential impacts on the organization Thoroughly analyze and prioritize vulnerabilities based on risk and potential impact to the organization, providing actionable recommendations to stakeholders Document findings and risks in executive summaries to facilitate clear communication with stakeholders Collaborate with engineering and operations teams to develop and implement effective remediation strategies, ensuring vulnerabilities are addressed in a timely manner Lead the integration of automated vulnerability scanning and management tools to streamline processes and improve the team’s overall efficiency Provide guidance and mentorship to junior security engineers and analysts, fostering a culture of continuous learning within the team Create and present reports on vulnerability status, trends, and metrics to senior management and other stakeholders, highlighting areas for improvement and progress Develop templates, procedures, and guidelines for vulnerability management

Qualifications

Bachelor’s degree in Computer Science, Information Security, or a related field 8+ years of experience in information security or security assurance/compliance, with a strong focus on vulnerability management Expertise in vulnerability assessment tools (Qualys, Nessus, Rapid7) and issue tracking tools (Jira, Confluence) Strong knowledge of technology and security topics, including network security, infrastructure hardening, security baselines, web server security, application security, and database security Strong understanding of security frameworks (NIST, OWASP) Knowledge of industry and regulatory requirements (PCI, ISO) Familiarity with scripting languages (Python, Bash) for automation of vulnerability management processes Strong analytical and problem-solving skills, with a proactive approach to identifying and addressing security issues Excellent communication and interpersonal skills, with the ability to convey complex technical information to diverse audiences Highly self-motivated and directed Ability to travel 10% of the time

Career Level - IC4

Confirm your E-mail: Send Email