Want to take your career to the next level while having fun and working in a small, agile, and smart team? Do you like breaking and securing code?
We are hiring at all levels: junior, senior, principal, and architect. Also, for different projects of different skill sets.
We have an agile environment and start up culture backed by a strong enterprise. We are the product security team, protect multiple Oracle cloud services, and build a secure ecosystem where developers can build secure services.
We work at the intersection of software development and security. Our team works very close to the code. We build mechanisms, processes, and automation to eradicate attack classes by default. Some activities we do are: doing security code reviews, design reviews, grey box reviews, building security libraries, embedding security tools in the CI/CD, triaging findings from sast/dast tools, training developers, etc...
We are mostly a Java shop, but we also have many services in Python, JavaScript, TypeScript, and infrastructure as code such as Kubernetes, SlatStack, Docker, etc..
As an application security engineer, you will focus on ensuring the security of multiple services by working directly with our security teams, collaborating with our engineering teams, and promoting good development security practices throughout Oracle.
You will help developers understand security concepts and security practices. You will help the security team remain a trusted partner of the development organization by being friendly but uncompromising when it comes to getting security right.
Hiring in our offices in Barcelona or Madrid.
Responsibilities :
* Conduct security code reviews
* Implement appropriate security protections to solve both individual vulnerabilities and entire vulnerability classes
* Build and manage tools to help identify issues, both in the IDE and in CI/CD to scale out the team through automation
* Build libraries that prevent security issues by design
* Identify areas where our processes can be improved, and where possible implement those improvements
* Identify, reproduce, and report security issues
* Collaborate with software engineers to make our software better, helping them balance product and security risk decisions
* Work together to educate engineers and product teams on the importance of security.
* Perform proactive research to stay current on security issues, and share that knowledge ith the rest of the security and engineering teams
* Collaborate with application security management on program direction, team growth, and on addressing systemic security issues
Minimum Qualifications:
1. Programming experience with