Minimum Qualification:
- 58+ years of experience in automation engineering, detection engineering, data engineering, or cloud/SaaS security.
- Strong programming and automation skills (Python/Go) with expertise in CI/CD, testing automation, and pipeline orchestration.
- Experience building telemetry ingestion and normalization pipelines (Kafka, Kinesis, Pub/Sub, Elastic, Snowflake, BigQuery).
- Hands-on experience with SIEM/SOAR integrations and detection content formats (Sigma/KQL/SPL/OSQuery/eBPF).
- Knowledge of applied AI/ML concepts for automation (anomaly detection, clustering, feature engineering).
- Familiarity with cloud-native logging (AWS/GCP/Azure) and API-driven telemetry.
- Ability to automate validation, noise reduction, and feedback loops for detections at scale.
Preferred Qualification:
- Experience building automated threat intelligence ingestion, normalization, and correlation pipelines.
- Background in automated detection tuning, false positive reduction, and statistical signal modeling.
- Exposure to SOC workflows, adversary simulation, and detection content quality engineering.
- Experience designing automated hunt pipelines or enrichment systems.
- Security knowledge (MITRE ATT&CK, ID-based attacks, adversary behavior) is a plus, not required.
- Certifications such as GCP/AWS Security, GIAC (GCDA, GCTI, GCFA) are helpful but not mandatory.
Responsibilities
- Automation-Driven Detection Engineering
  - Build scalable pipelines to deploy, test, version, and validate detections using CI/CD and automated QA.
  - Develop frameworks for continuous drift detection (schema drift, threshold decay, dependency failures) and self-healing.
  - Automate data onboarding, normalization, and telemetry pipeline reliability.
- AI/ML Workflow Automation
  - Apply ML to automate anomaly detection, noise reduction, alert triage, and risk scoring.
  - Build automated feedback loops that retrain or recalibrate models based on precision/recall metrics.
  - Prototype LLM/RAG-based assistants for playbook generation, hypothesis creation, and enrichment.
- Threat Intelligence & Enrichment Automation
  - Automate ingestion and correlation of TI feeds (TIPs, OSINT, ISACs, vendors) into detection pipelines.
  - Normalize and map TI data to ATT&CK for automated coverage tracking.
  - Build enrichment pipelines that scale across millions of security events.
- Proactive Controls & Security Automation
  - Implement automated preventive controls (rate limits, token binding, WAF workflows).
  - Integrate SOAR workflows to reduce MTTR via automated investigation and remediation.
  - Build systems that measure detection KPIs (FPR/FNR, time-to-detect, noise volume) automatically.
- Continuous Improvement & Innovation
  - Lead automation maturity initiatives across Detection Engineering.
  - Partner with data science teams to develop AI-supported detection content generation.
  - Drive continuous reskilling for engineering teams in automation-first methodologies.
Qualifications
Career Level - IC4
About Us
As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector and continue to thrive after 40+ years of change by operating with integrity.
We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all.
Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.
We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing [HIDDEN TEXT] or by calling +1 888 404 2494 in the United States.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.