SaaS Security Testing Services team is looking for Security Testing and Tools Engineers with various degree of experience in AppSec/Product Security field (Senior/Principle level) in Oracle India Development Center under the Oracle SaaS Cloud Security (SCS) organization. Oracle SaaS a.k.a. Oracle Cloud applications, built on machine learning, offer the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle. The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day. You will get the opportunity to join our efforts to reshape not only future of security testing and automation for Fusion App SaaS Services at Oracle – but influence the security testing landscape across all the SaaS offerings.
You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead and respond to increasing threats to cloud services. SaaS STS team will actively engage in conducting white box/grey box application security testing - complementing what the development teams do in a more holistic and more integrated setting through the security automation and tooling. SaaS STS team responsibilities will include implementation of Static Code Analysis, Dynamic App Security Testing/Fuzz Testing, Interactive / manual App security testing, facilitate automation of security verifications in CI/CD pipeline and evidence gathering for compliance audits.
This position requires technical security knowledge and Cloud/DevSecOps or product development experience.
You will be part of the SaaS Security Testing Services team in IDC.
You will work with Fusion Apps and other SaaS Services development teams to identify gaps in security testing and implement scalable solutions to improve security testing
You will implement automated security processes and security tooling in CI/CD pipeline.
You will work with individual SaaS development teams to enable them with necessary tools and procedures for collecting necessary security testing evidence for PCI and other regulatory compliance audits of their respective products.
You will work with development teams and provide remediation guidance to address any security findings
You will evaluate and deploy new security tools and technologies to handle ever changing security threats landscape and support hyper-scale SaaS growth.
4+ years of work experience in software development or testing role.
Experience in security testing tools including static analysis, web application testing, software composition analysis, infrastructure and network testing, and manual security testing required, 2 years minimum preferred
Experience in product development or Security QA or penetration testing of Enterprise software, SaaS, IaaS or PaaS cloud services, 2 years minimum preferred
Experience in automating security processes and security tooling in CI/CD pipeline especially for Microservices based architecture including Containers and Kubernetes.
Experience with agile methodologies and DevSecOps environments
In depth knowledge of security vulnerabilities including a detailed understanding of the OWASP top 10, secure design and secure coding principles
Ability to prioritize and handle concurrent assignments or projects.
Excellent team player, willing to share knowledge and skills with peers and team members
Strong presentation, written and verbal communication skills
Bachelor’s degree in Computer Science or related field
Security certifications such as CISSP or CSSLP is a plus