Security Analyst

Do you have a passion for application security and working on one of the most important security challenges of current software development? We are looking for a Security Analyst with experience of using static analyzers. As a Security Analyst, you will work collaboratively with other engineers in the Security Tools engineering team to extend and support an in-house static application security testing tool. We value software analysts with initiative and agency who have a passion to learn, build and deploy production-quality application security software. About the role In this role of a Security Analyst you will be conducting and documenting a highly complex information security risk assessments, developing and implementing security processes. As a member of the Software Assurance central services team you will be responsible for the configuration and deployment of SAST tools, as well as reviewing and reporting vulnerability reports issued by SAST and SCA tooling. Upon finding vulnerabilities you will be required to deep dive into each of them individually, performing further analysis, in order to avoid false positives and ensure high accuracy of findings. You will be responsible for planning, developing processes, documenting them while interacting with a variety of teams across our Software Assurance organisation, train staff, and be the go-to person for such security processes. You foster the collaborative atmosphere to enable buy-in into security processes and cross-team collaboration. You are ambitious, yet humble – you realise there are always opportunities for improvement, you take on feedback from team members and introspect to raise the bar for yourself and your organization. You are comfortable with ambiguity. Your responsibilities also include contributing to the design, implementation, integration and testing of analysis support in the tool for a variety of languages including C/C++, Objective-C, Java, Python, and Go. This position will require 100% onsite work in our office in North Ryde. What You’ll Bring Bachelor's Degree in Computer Science, Software Engineering or related disciplines Good understanding of application security, CVE classification system (Common Vulnerabilities and Exposures) and OWASP top 10 Experience in program analysis, compilers, or web application security Have worked and understand report outputs through SAST and SCA tooling. Ability to review vulnerabilities in open-source software written in Java and/or GoLang, C/C++, Python. Foundational skills in Python programming Familiar with SCM/software version control tools (e.g., Git) A strong interest in application security, willingness to learn and seek out information to solve challenging problems is essential Eligibility to work in Australia without sponsorship is essential Ability to work as part of a team as well as independently Nice to Have Masters or PhD in Computer Science, Software Engineering in a field related to program analysis or application security Prior experience in a software development role Knowledge and experience of security testing tools DevSecOps and/or CI/CD experience Experience working with geographically distributed teams What We’ll Give You An organization filled with smart, enthusiastic, and supportive colleagues A team of very skilled and diverse personnel across the globe The resources of a large, global operation while still having the start-up feel of a small team Work You’ll Do Review and categorize software security analysis vulnerability findings Report and document vulnerability findings Identify duplications and false positive vulnerability reports Review commonly used software libraries to model their behaviour for SAST tools Partner with software development through ongoing security identification Partner with Site reliability engineering to help identify and work with them to improve automation mechanisms Seek out opportunities to improve systems and reporting mechanisms Who We Are We are a world-class team of high-caliber security software developers who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on advancing the state-of-the-art for developers through SAST and SCA tools. The Security Tools organization has the mission to make application security, at scale, a reality. We are a dedicated team, leveraging each other's insights and abilities to produce cutting edge solutions for today's complex codebases. We value people who can use their Program Analysis and/or Data Analytics skills to further develop and enhance our tools, as well as support new language features or vulnerability types. Join us to grow your career and create the future of application security at scale together. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. #J-18808-Ljbffr