The Oracle Application Security Lead is responsible for ensuring the security and integrity of Oracle-based systems and applications within the organization. The role implements and maintains robust security controls across Oracle-based environments, ensuring compliance, risk management, and proactive threat mitigation. This senior position requires expertise in Oracle security technologies, application security concepts, and security governance.
KEY RESPONSIBILITIES:
Security Architecture & Design
Develop and implement security frameworks aligned with NIST, ISO 27001, and CIS standards for Oracle PaaS, SaaS, and IaaS.
Conduct security design reviews and establish database security baselines (Oracle 11g, 12c, 19c, 21c).
Vulnerability Management
Lead vulnerability assessments and penetration testing for Oracle databases.
Implement Oracle Database Vault, Transparent Data Encryption (TDE), and Data Masking.
Configure and maintain Oracle Audit Vault and Database Firewall.
Identity & Access Management
Design and enforce Role-Based Access Control (RBAC) for Oracle applications.
Implement Oracle Identity Management solutions (Oracle Access Manager & Oracle Identity Governance).
Perform user access reviews and establish secure authentication methods (e.g., multi-factor authentication).
Compliance & Governance
Ensure adherence to regulatory requirements (SOX, HIPAA, GDPR, PCI DSS).
Develop and maintain security policies, standards, and documentation.
Conduct quarterly security audits and generate compliance reports for senior management.
Security Monitoring & Incident Response
Configure security monitoring for Oracle databases using Oracle Audit Vault.
Develop security alerts for unusual activities and lead forensic investigations for incidents.
Provide post-incident analysis and remediation strategies.
Security Patching & Updates
Develop Oracle Critical Patch Update (CPU) strategies and validate patches before deployment.
Maintain patch compliance and coordinate security maintenance windows.
Assess security implications of Oracle version upgrades.
Risk Management
Awareness of current Oracle security best practices, risks, and vulnerabilities, including resources and tools to identify, measure, and manage risks.
Management of Oracle-based risks from identification to remediation.
Familiarity with risk management strategies and best practices.
REQUIREMENTS:
Professional Experience:
8+ years in IT security, with at least 5 years focused on Oracle technologies.
Certifications:
Oracle Certified Professional (required).
CISSP, CISM, or GSEC preferred.
Technical Expertise:
Advanced knowledge of Oracle Database security features (12c, 19c, 21c).
Experience with Oracle Audit Vault, Database Firewall, and Advanced Security Options.
Proficiency in SQL, PL/SQL, and Oracle WebLogic Server security architecture.
Familiarity with SIEM systems and privileged access management solutions.