Security Operations Center Analyst - Day Shift - US GOV (JoinOCI- Ns2)

CLBPTS
Full-time
On-site
Reston, Virginia, United States

Develops and executes programs and processes to reduce information security risk and strengthen Oracle’s security posture.

Supports the strengthening of Oracle’s security posture, focusing on the following: incident response; threat and vulnerability management; risk management; security policy development and enforcement; digital forensics.

Incident Management and response:  Responds to security events, identifying possible intrusions and responding in line with Oracle incident response playbooks.

Threat and Vulnerability Management:  May research, evaluate, track, and manage information security threats and vulnerabilities in situations where analysis of well-understood information is required.

Risk Management: Assesses the information security risk associated with existing and proposed business operational programs, systems, applications, practices and procedures in complex, business-critical environments.  May conduct and document complex information security risk assessments. May assist in the creation and implementation of security solutions and programs.

Digital Forensics:  May conduct data collection, preservation, and forensic analysis of digital media independently, where a basic understanding of forensic techniques is required.


Other areas of focus may include duties managing Information Security Education, Training and Awareness programs. In a Corporate Security role, may manage the creation, review and approval of corporate information security policies.

Minimum qualifications:  3 years of experience in information systems with at least 2 years in one of the following:  Information security risk management; information security program management; Industry/Government security compliance program management; threat and vulnerability management; incident management and response; security policy development and enforcement; privacy, information security education, training and awareness (ISETA), information security solutions development, etc.
Preferred but not required qualifications include: Experience managing security incidents and vulnerabilities through their life cycle. Experience designing and developing automated processes for responding to possible network intrusions. Experience with at least 1 automation language or framework (Python, Ruby, SALT, Terraform, etc.). Possession of at least one of the following certifications: CEH, CFR, CCNA Cyber Ops, CCNA-Security, CySA+, GCIA, GCIH, GICSP, Cloud+, SCYBER, PenTest+.