Job Description

To address increasing demands for Automation using AI, advanced application/cloud security and to further elevate the technical capabilities of Oracle's Fusion Security Team, we are opening a requisition for an IC5 Senior Principal Security Engineer. This critical role is intended strictly for an individual contributor (IC) who will provide hands-on expertise in the secure development of Fusion Applications, implement cutting-edge security protocols, and collaborate on delivery execution--without direct people management responsibilities.

Key requirements for this role include:

Minimum of 10+ years of relevant experience in security engineering, application security, or related fields, Deep experience in application security, with a proven track record of identifying and mitigating complex vulnerabilities in enterprise-scale products, Expert knowledge of secure design principles, with the ability to influence architecture and drive security-by-design initiatives, Thorough understanding of secure coding practices across modern programming languages and frameworks, and the capability to mentor engineering teams in their adoption, In-depth knowledge of Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and broader Application Security Testing (AST) processes, including integrating these practices into CI/CD pipelines, Demonstrated ability to collaborate across development, operations, and security teams to ensure the effective implementation and enforcement of security controls, Exposure to AI development and the unique security challenges of AI-powered applications, including threat modeling and secure deployment of AI/ML models.

Desirable qualifications:

Industry-recognized security certifications such as CISSP, OSWE, or equivalent and certifications on AI will be considered an additional advantage.
Adding this senior-level IC expertise will:


Increase our execution speed on security-critical deliverables, Enhance our ability to identify and mitigate emerging security threats, Support the technical growth and mentorship of the team, Strengthen reliability and security of our products, Bolster customer trust and confidence in Oracle's cloud offerings, and Positively impact Oracle's cloud revenue by making our services more attractive to security-conscious customers.

As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. Define specifications for significant new projects and specify, design and develop software according to those specifications. You will perform professional software development tasks associated with the developing, designing and debugging of software applications or operating systems.

Responsibilities:

Lead the design, development, and implementation of advanced security features and controls within Oracle Fusion Applications. Perform in-depth security reviews of application architectures and collaborate with engineering teams to integrate secure design principles early in the development lifecycle. Conduct threat modeling and risk assessments to identify, prioritize, and mitigate security risks in new and existing products. Drive adoption of secure coding practices by reviewing code, providing detailed feedback, and mentoring developers in secure software development. Evaluate, implement, and optimize application security testing (AST) processes, including SAST, DAST, and other automated or manual assessment methods. Collaborate with cross-functional teams (engineering, product management, operations) to ensure security requirements are embedded throughout the software development process. Proactively monitor and investigate emerging security threats, vulnerabilities, and trends relevant to cloud applications and AI/ML solutions. Design and execute vulnerability management strategies, working closely with teams to address findings and facilitate timely remediation. Provide technical leadership in the security community of practice, sharing best practices, research, and guidance through documentation, presentations, and training. Ensure compliance with relevant security standards, frameworks, and Oracle internal security policies. Participate in security incident response activities related to application security, including analysis, root cause investigation, and lessons learned. * Continuously explore and evaluate innovative security technologies and practices to strengthen product security posture.