Oracle
North Ryde, New South Wales, Australia

Security Analyst

Do you have a passion for application security and working on one of the most important security challenges of current software development?
We are looking for a Security Analyst with experience of using static analyzers.
As a Security Analyst, you will work collaboratively with other engineers in the Security Tools engineering team to extend and support an in-house static application security testing tool.
We value software analysts with initiative and agency who have a passion to learn, build and deploy production-quality application security software.

About the role

In this role as a Security Analyst, you will conduct and document highly complex information security risk assessments, and develop and implement security processes.
As a member of the Software Assurance central services team you will be responsible for the configuration and deployment of SAST tools, as well as reviewing and reporting vulnerability reports issued by SAST and SCA tooling.
Upon finding vulnerabilities, you will be required to deep dive into each of them individually, performing further analysis in order to avoid false positives and ensure high accuracy of findings.

You will be responsible for planning and developing processes, documenting them while interacting with a variety of teams across our Software Assurance organisation, training staff, and being the go-to person for such security processes.
You foster a collaborative atmosphere to enable buy-in into security processes and cross-team collaboration.
You are ambitious, yet humble – you realise there are always opportunities for improvement, you take on feedback from team members and introspect to raise the bar for yourself and your organization.
You are comfortable with ambiguity.
Your responsibilities also include contributing to the design, implementation, integration and testing of analysis support in the tool for a variety of languages including C/C++, Objective-C, Java, Python, and Go.

This position will require 100% onsite work in our office in North Ryde.

What You'll Bring

- Bachelor's Degree in Computer Science, Software Engineering or related disciplines
- Good understanding of application security, the CVE classification system (Common Vulnerabilities and Exposures) and the OWASP Top 10
- Experience in program analysis, compilers, or web application security
- Have worked with and understand report outputs from SAST and SCA tooling
- Ability to review vulnerabilities in open-source software written in Java and/or GoLang, C/C++, Python
- Foundational skills in Python programming
- Familiarity with SCM/software version control tools (e.g., Git)
- A strong interest in application security and a willingness to learn and seek out information to solve challenging problems are essential
- Eligibility to work in Australia without sponsorship is essential
- Ability to work as part of a team as well as independently

Nice to Have

- Prior experience in a software development role
- Knowledge and experience of security testing tools
- DevSecOps and/or CI/CD experience
- Experience working with geographically distributed teams

What We'll Give You

- An organization filled with smart, enthusiastic, and supportive colleagues
- A team of very skilled and diverse personnel across the globe
- The resources of a large, global operation while still having the start-up feel of a small team

Work You'll Do

- Review and categorize software security analysis vulnerability findings
- Report and document vulnerability findings
- Identify duplications and false positive vulnerability reports
- Review commonly used software libraries to model their behaviour for SAST tools
- Partner with software development through ongoing security identification
- Partner with Site Reliability Engineering to help identify and work with them to improve automation mechanisms
- Seek out opportunities to improve systems and reporting mechanisms