Security Engineer 4

DescriptionWhat you'll do (key responsibilities) Security research & threat modelingInvestigate emerging TTPs, business-logic abuse patterns, and identity/OAuth attack paths.Build and maintain adversary playbooks mapped to MITRE ATT&CK; drive coverage roadmaps.Detection engineering (detection-as-code)Ship high-quality detections using Sigma/KQL/SPL/OSQuery/eBPF, versioned as code with CI/CD.Instrument cloud/SaaS telemetry pipelines; reduce noise via tuning, suppression, and risk scoring.AI-assisted analyticsApply ML for anomaly detection, clustering, and outlier triage; prototype LLM/RAG assistants for playbook generation, enrichment, and hypothesis-driven hunts.Partner with data teams to productionize models with feedback loops (precision/recall tracked).Threat intelligence integrationBuild ingestion/enrichment pipelines (TIPs, OSINT, ISACs, vendor feeds); normalize IOCs/TTPs.Correlate TI with detections & hunts; drive proactive hardening and hypothesis creation.Proactive controls & response accelerationRecommend/implement preventive controls (authz hardening, rate limits, token binding, WAF rules).Automate response (SOAR/runbooks), shrinking MTTD/MTTR with measurable impact.Metrics & continuous improvementOwn coverage and efficacy KPIs (FPR/FNR, time-to-detect, time-to-close, alert fatigue).Run post-incident detection reviews and continuously up-level our catalog.Minimum qualifications 5–8+ years in security engineering/detection engineering/threat research for cloud/SaaS.Applied AI/ML experience for security (feature engineering, anomaly detection, basic model evaluation).Strong detection content skills (Sigma/KQL/SPL/OSQuery/eBPF) and detection-as-code practices (Git, tests, CI/CD).Demonstrated threat hunting experience (hypothesis-led, telemetry-driven) at scale.Hands-on with SIEM/SOAR and cloud-native telemetry (e.g., AWS/GCP/Azure, Kubernetes, API logs).Solid programming for automation/data wrangling (Python/Go) and comfort with SQL.Working knowledge of MITRE ATT&CK, adversary emulation, and identity-centric threats (SSO/OIDC/OAuth).Preferred qualifications Built TI pipelines/TIP integrations; mapping intel → detections/hunts/playbooks.Experience tuning detections to reduce false positives without losing recall; risk-based alerting.ResponsibilitiesResponsible for advanced planning, design and build of security systems, applications, environments and architectures; oversees the implementation of security systems, applications, environments and architectures and ensures compliance with information security standards and corporate security policies and procedures.Provides technical advice and direction to support the design and development of secure architectures.May participate in an incident management team, bringing advanced-level skills to respond to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis.  Coordinates incidents with other business units and may act as Incident Commander of serious incidents. Develops new methods, and playbooks, as well as sophisticated scripts, applications, and tools, and trains others in their use.May participate in an incident management team, responding to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis.  Coordinates incidents with other business units and may act as incident commander of serious incidents. Participates in developing new methods, playbooks throughout Oracle.Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modeling.Brings advanced-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming/scripting knowledge is required.Work with Senior management to develop and implement a multi-year security roadmapFocus on operational and strategic level tasks, and provide counsel and guidance to the junior level security operations engineers in the department.QualificationsCareer Level - IC4