Oracle, Bristol, Bristol
Security Incident Response Engineer
Overview
Job Description
Security Incident Response Engineer

The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive-scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers, who are tackling some of the world's biggest challenges. We offer unique opportunities for smart, hands-on engineers with the expertise and passion to solve difficult problems in distributed, highly available services and virtualized infrastructure. At every level, our engineers have a significant technical and business impact, designing and building innovative new systems to power our customers' business-critical applications.

Are you interested in securing large-scale distributed infrastructure for the cloud? Oracle's Cloud Infrastructure team is building its next-generation Cloud IaaS/PaaS/SaaS technologies that operate at high scale in a broadly distributed, multi-tenant environment. Our customers run their businesses on our cloud, and our mission is to provide them with the best and most secure foundational cloud networking services in their class.

**SC clearance required**

Our team designs, engineers and operates the security for our premier cloud services. We are reimagining the traditional enterprise thinking on security and creating an environment suitable for the most demanding and security-conscious customers in the world. We are looking for diversely skilled, high-performing Cloud Security Engineers to help us continue to push the boundaries of what can be accomplished in both the current and the next generation of Oracle cloud services.
The ideal candidates will have proven experience across a combination of security disciplines, including Security Operations & Monitoring, Threat Hunting and Detection Development, Security Incident Response, Digital Forensics, Threat and Vulnerability Management (TVM) and SIEM Systems Engineering.

Responsibilities:

* Develop and deploy security detections, dashboards and reports on a variety of SIEM and security platforms for identifying threats, suspicious activity and intrusions.
* Triage and investigate triggered detections by conducting analysis across a variety of application, network and host-based security log sources, both via various SIEM interfaces (Splunk, Elasticsearch, SUMO) and through in-depth live analysis of potentially compromised hosts.
* Assist with defining, developing and implementing new processes and procedures for improving operations across all supported security functions: Detections & Analytics, Incident Response, Digital Forensics, TVM and SIEM Engineering.
* Conduct complete end-to-end system forensic analysis of compromised hosts in support of high-severity intrusion incidents: perform memory and disk acquisition, live analysis, memory forensics, disk forensics, network forensics and forensic report writing whilst maintaining chain of custody.
* Develop internal security, triage, investigation and forensic tooling in support of automating and streamlining workloads across all supported security functions and for overall improvement of our security detective capabilities.
* Command complex and high-severity security incidents, involving engagement across multiple business units, to a clear and complete resolution.
* Design, develop, deploy and manage a complete security infrastructure pipeline, including SIEM and log management infrastructure and tooling (Splunk, ELK, ArcSight) as well as log data ingestion, aggregation, indexing, filtering and parsing.
* Co-ordinate end-to-end TVM engagements: leverage industry-standard scanning and vulnerability identification tooling, collaborate with Offensive Security teams and perform attack vector modelling to effectively identify, confirm, evaluate and remediate critical vulnerabilities.

Qualifications & Experience:

* BSc or MSc in Information Security, Cyber Security, Digital Forensics, Computer Science / Engineering, or a demonstrable equivalent.
* 5 years minimum experience across two or more of the following related disciplines: Information Security, Incident Response, Digital Forensics, Security Operations, Security Engineering, Site Reliability / SIEM Engineering, Threat & Vulnerability Management.
* Proven ability to write clear, concise and efficient code and scripts for automating and streamlining security, triage, investigation and forensic tasks using Python, Bash, Go or Perl.
* An exceptionally strong and deep technical understanding of, and comfort working with, Linux systems and Linux internals.
* Proven ability to communicate clearly, effectively and professionally with all levels of the organization; strong written and verbal communication skills will be important to be successful in this role.
* A clear understanding of Security Incident Response processes and procedures realised through previous professi