Senior Application Security Analyst in Italy

Senior Application Security Analyst

Preferred Qualifications

Your role

As part of Oracle NetSuite’s Security Team, the Application Security Analyst is a crucial security point of contact for the NetSuite leadership and key collaborators. This role will be instrumental in building relationships between Security and Product Development teams to understand, prioritize and coordinate key security objectives around reducing risks and eliminating vulnerabilities in application development lifecycle.

The main focus of this role is to facilitate conversations between Application Security and Product Development around identifying vulnerabilities, monitoring and reporting on progress towards remediation to all collaborators. Thrive in this crucial role and come and join us.

What You’ll Do

• Partner with multi-functional teams to ensure remediation of identified vulnerabilities occurs within noted timeframes and in alignment with information security policies

• Perform vulnerability assessment procedures or have a deep interest in learning the following:

• Research and investigate new and emerging threats and vulnerabilities

• Analyze results of vulnerability assessments, including penetration tests and other verifications of application security effectiveness

• Act as a domain expert in application security vulnerability management

• Contribute to the aggregation and reporting of vulnerability metrics and information

• Partner with collaborators to develop an effective, consistent program for managing application security vulnerabilities and automate manual processes

• Feel comfortable voicing their own opinion while negotiating with key collaborators or explaining relevance of a particular finding

• Assist in supporting, mentoring, and development of analysts

Your Qualifications & Skills

• Bachelor’s Degree in computer engineering or relevant experience in STEM (Science, Technology, Engineering and Math)

• 2 years of experience in information security, cyber risk management or security advisory

• Knowledge on OWASP vulnerabilities and methodology

• Strong understanding of vulnerability concepts and attack methodologies

• Thorough understanding of project/program management techniques and methods

• Excellent written and verbal communication skills in English

• Highly self-motivated and directed

Nice to have

• Practical experience with identifying, analyzing, and communicating cyber threat and vulnerability information

• Experience with web application vulnerability scanning tools and code analysis tools such as Qualys, Burp Suite, and others

• Programming or scripting experience

• Recognized industry certification and/or continuing education programs are a major plus including CISSP, CEH, Security

Why Oracle NetSuite?

Innovation starts with inclusion at Oracle NetSuite. We are committed to creating a workplace where all kinds of people can be themselves and do their best work. It’s when everyone’s voice is heard and valued that we are inspired to go beyond what’s been done before. An Oracle NetSuite career can span industries, roles, countries and cultures, giving you the opportunity to tackle new roles and challenges, while blending work and life.

Oracle NetSuite is the world’s best cloud-based, multi-tenant ERP (Enterprise Resource Planning) service with unified financials, supply chain, order management, omnichannel e-commerce…all in one platform!

Detailed Description and Job Requirements

Develops and executes programs and processes to reduce information security risk and strengthen Oracle’s security posture.

Supports the strengthening of Oracle’s security posture, focusing on one or more of the following: risk management; regulatory compliance; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy; information security education, training and awareness (ISETA); digital forensics and similar focus areas.

Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments. May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Regulatory Compliance: assists in programs to establish, document and track compliance to industry and government standards and regulations, e.g. ISO-27001, PCI-DSS, HIPAA, FedRAMP, GDPR, etc. Researches and interprets current and pending governmental laws and regulations, industry standards and customer and vendor contracts to communicate compliance requirements to the business.

Threat and Vulnerability Management: May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.

Incident Management and response: Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.

Digital Forensics: May conduct data collection, preservation and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.

Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.

Compiles information and reports for management.

Minimum of 5 years experience in information systems, business operations, or related fields, at least 2 years of which must be from at least one of the following: Information security risk management; information security program management; Industry/Government security compliance program management (ISO-27001, GDPR, HIPAA, FedRamp, etc.); threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc. required.

Preferred but not required qualifications include: Bachelor-level university degree in a relevant field from an accredited university, or equivalent. CISSP, CISM, CISA , CIPP or other equivalent certification. Experience managing security incidents and vulnerabilities through their life cycle. Experience designing and developing automated process for responding to possible network intrusions. Knowledge of secure software design principles and the software development life cycle. Experience with at least 1 automation language or framework (Python, Ruby, SALT, Terraform, etc.) or vulnerability scanning tool (Qualys, Burp Suite, etc.).

Job: Information Security Engineering

Location: Spain

Other Locations: Italy

Job Type: Regular Employee Hire

Organization: Oracle