Oracle IT Security Analyst 4 in Quincy, Massachusetts

Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.

Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company s firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.

Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Prefer 8 years relevant experience and BA/BS degree.

Your primary responsibility is to safeguard Aconex internal and customer data, computer networks, systems, applications and staff members by:

  1. Planning and carrying out security measures to monitor and protect sensitive data, systems, and network devices from infiltration and cyber-attacks

  2. Aiding in the design of system, application and network architecture that protect company s assets

  3. Work with other security specialists to help mitigate damages during attacks

You will also be responsible for identifying any issues that could pose future vulnerabilities, and work with managers to help change the architecture. You should have a deep understanding of various hardware and software vulnerabilities, and other tactics used to gain access to sensitive data (e.g. phishing, social engineering, etc.).

Primary Responsibilities:

  • Implement Protections Select, install, and use security related products, including firewalls, data encryption technologies, SIEM, IDS, FIM, HIDS, DAM, FAM, MDM, DLP, etc. to protect organizations sensitive data.

  • Uncover Vulnerabilities Conduct periodic scans of networks (both internal and external) and Aconex web applications, to find vulnerabilities. This includes managing 3rd party penetration testing for compliance requirements and to highlight weaknesses that might be exploited by a malicious party.

  • _Monitor, Monitor, Monitor _- Constantly monitor organization s networks and systems for security breaches and/or intrusions. Select, install and manage services that helps notify the SOC team of intrusions and irregular system behaviour.

  • Security Breaches - Develop strategies to respond to and recover from a security breach, including educating the workforce on information security. Lead incident response activities for the North America region in order to minimize a breach impact, including alerting the Incident Response Team once a breach has been verified.

  • Forensic Investigation - Lead technical forensic investigations to determine how a breach happened and the extent of the damage, including managing 3rd party forensics consultants, notifying the proper authorities and regularity bodies, and preparing final reports for management, customers and end users.

  • _Improve Information Security Strategy _Improve, plan and carry out organization s information security strategy, including developing standards, best practices, and security enhancements recommendations.

Additional Responsibilities:

  • Deliver sound know-how and know-what for information security and business continuity projects

  • Design, develop and maintain information security documentation

  • Collaboration with regional business units to ensure practical plans are in place

  • Manage and monitor progress of remediation activities and related action items

  • Support, facilitate and engage with auditors and business teams during audits

  • Conduct risk assessments on assets, projects and processes

  • A level of pre-sales involvement and customer care will be part of the role

Required Skills & Experience:

  • Prior role as an Information Security Engineer or Security Analysis for a SaaS, cloud provider, or online entity

  • Experience in building and managing secure and compliant systems

  • Detailed technical knowledge of operating system security

  • Hands on experience with security systems, including firewalls, IDS, HIDS, endpoint protection, authentication systems, SIEM, and encryption technologies

  • Experience with network, system, application and security monitoring tools

  • Thorough understanding of the latest security principles, techniques, and protocols

  • Familiarity with web related technologies (Web applications, Web Services, Service Oriented Architectures)

  • Direct experience with at least one of the following standards, ISO 27001, SSAE 16 SOC 2, NIST 800-53, PCI, HIPPA CSA or COBIT

Desired Skills and Experience:

  • Understanding of the NIST 800-53 controls and/or FedRAMP

  • Department of Defence Security Requirements Guide (SRG)

  • Working knowledge of corporate Information Security

  • Experience as a system administrator supporting multiple platforms and applications

  • Experience working in agile software development environments

  • A strong multi-tasker with a keen eye for detail

  • Organized and thrive in fast-paced, high-stress scenarios

  • Ability to communicate security issues to peers, management, customers, and end-users

  • Fundamental understanding of the OWASP (Open Web Application Security Project) top 10

  • Experience with Risk Management frameworks and risk assessment tools

  • Excellent problem solving skills and ability to work under pressure

Oracle Aconex is a Global Business Unit of Oracle. Together, Oracle and Aconex provides an end-to-end offering for project management and deliverythat enables customers to effectively plan, build, and operate construction projects.

Job: *Information Technology

Organization: *Oracle

Title: IT Security Analyst 4

Location: United States

Requisition ID: 180014M9

Other Locations: US-CO,Colorado-Denver