Principal Security Analyst, Threat And Vulnerability Management

Senior Security Analyst

We are looking for a senior Security Analyst for Oracle Threat and Vulnerability Management. This role is ideal for a technically strong security professional with a passion for data-driven risk management. You will leverage analytical platforms (e.g., Jupyter, Apache Spark) to collect, analyze, and correlate security signals, uncovering actionable insights to better identify, prioritize, and mitigate emerging threats and vulnerabilities across the enterprise.

Our ideal candidate is an inquisitive and curious analyst who combines deep technical knowledge with advanced data analysis skills. You are passionate about using data to drive smarter, faster decisions in threat detection, vulnerability management, and risk assessment. You're comfortable navigating large, complex data sets and translating technical findings into actionable business recommendations.

Responsibilities:

• Collect, normalize, and analyze diverse security signals from endpoints, infrastructure, applications, and external intelligence sources to assess potential risks.
• Lead and perform security risk assessments across critical systems, applications, and processes using data-driven methodologies.
• Use advanced analytics tools such as Jupyter and Spark to sift through large datasets, uncover patterns, and quantify risk profiles and threat trends.
• Translate analytical outcomes into prioritized, actionable mitigation strategies, collaborating with engineering and operations teams to ensure timely remediation.
• Help drive enhancements to the vulnerability management lifecycle, including detection, validation, risk scoring, and reporting.
• Develop visualizations and reports to effectively communicate findings, risks, and recommendations to technical and executive stakeholders.
• Identify opportunities to automate repetitive tasks related to data collection, analysis, and reporting; partner with development/engineering for tool integration.
• Work cross-functionally with threat intelligence, incident response, and risk management teams to ensure alignment and comprehensive coverage.

Qualifications:

• 8+ years of professional experience in security operations, threat/vulnerability management, or a similar cybersecurity discipline.
• Strong hands-on experience with analytical and scripting tools such as Python, Jupyter Notebooks, and Apache Spark.
• Proven ability to process and analyze large-scale security data sets to drive actionable threat/risk insights.
• Deep knowledge of vulnerability assessment tools, threat modeling, risk scoring methodologies, and common attack techniques (e.g., MITRE ATT&CK).
• Familiarity with enterprise networking, system administration, and major OS security concepts (Windows, Linux, cloud platforms).
• Excellent written and verbal communication skills; able to clearly articulate complex technical issues to technical and non-technical audiences.

Preferred Qualifications:

• Hands-on experience developing or securing services on a public cloud platform (e.g., AWS, Azure, GCP, OCI).
• Industry certifications such as CISSP, OSCP, GIAC, or equivalents.
• Proven ability to drive culture and behavioral change within engineering organizations.
• Ability to effectively communicate and influence secure product and network design in a collaborative environment.
• Experience with security operations and security alert triage processes.
• Knowledge of compliance program security controls, like ISO/IEC 27001, SOC 2, PCI-DSS, HITRUST, FedRAMP, and UK Cyber Essentials.
• Knowledge of risk assessment frameworks, like ISO/IEC 27005, ISO 31000, FAIR, and NIST 800-30.
• Knowledge of incident response frameworks and methodologies, including frameworks like NIST 800-61 and MITRE ATT&CK.
• Experience building continuous integration/deployment pipelines with robust testing and deployment schedules.
• Experience and understanding of cryptographic algorithms, standards, implementation and application.
• Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software.
• Experience working in large, complex global enterprise environments.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, and protected veterans' status or any other characteristic protected by law.