• Join the security team building world-class security into product offerings • Work on security operations, monitoring, and alerting stack • Participate in on-call and respond to security incidents • Conduct application security testing and security reviews for applications and infrastructure • Improve security of codebase, product, and customers' on-premise deployments • Perform proactive research to detect new attack vectors and threat modeling

Role Description Oracle is seeking a Senior Manager, Security Evaluations to lead our global security evaluation strategy and team of specialists. This leader will drive certification initiatives across Oracle products and services, ensuring alignment with evolving global security standards while enabling business growth, customer trust, and market access. This is a highly strategic and technical leadership role requiring deep, recent experience working with external certification and regulatory ecosystems, including standards bodies and government schemes such as: - FIPS - Common Criteria - NESAS - Other related international frameworks The successful candidate will serve as Oracle's senior representative to industry and regulatory organizations, partnering with Oracle engineering, product management, compliance, and leadership to influence certification requirements and integrate certification planning into product roadmaps. The successful candidate will remotely manage a globally distributed team of five specialists across Europe, Canada, and the U.S. Candidate would also oversee relationships with Oracle business units that rely on the team’s regulatory compliance expertise. Qualifications - Deep experience with external certification and regulatory ecosystems - Experience with standards bodies and government schemes - Ability to influence certification requirements - Experience managing a distributed team Requirements - Strong leadership skills - Technical expertise in security evaluations - Excellent communication and collaboration abilities Benefits - Flexible medical options - Life insurance - Retirement options - Opportunities for community involvement through volunteer programs Company Description Only Oracle brings together the data, infrastructure, applications, and expertise to power everything from industry innovations to life-saving care. And with AI embedded across our products and services, we help customers turn that promise into a better future for all. True innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing a workforce that promotes opportunities for all. Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Role Description Lumen Security Advisory Services is hiring a Cloud Security & Vulnerability Management consultant to join a team that delivers customer-facing security assessments and vulnerability management engagements across cloud environments and customer premises. The primary focus is cloud security posture assessment, where the team evaluates customer environments against industry compliance frameworks, identifies vulnerabilities and misconfigurations, and helps customers understand their security posture and build practical remediation strategies. A secondary focus is vulnerability management, where the team deploys and manages scanning platforms in customer environments, configures and tunes the platform alongside customers, develops patching strategies aligned to customer needs, and guides remediation prioritization and planning. This is a hands-on consulting role on a small, fast-moving team. You'll work directly with customers, run assessments using commercial and custom-built tooling, and contribute improvements to shared platforms and codebases. Main Responsibilities - Cloud Security (Primary Focus) - Deliver cloud security posture assessments across AWS, Azure, and Microsoft 365 environments - Evaluate customer environments against CIS Benchmarks, cloud provider security frameworks and best practices, and customer-specific compliance standards - Use custom-developed assessment frameworks and cloud-native security tooling to identify misconfigurations and security gaps - Perform cloud resource inventory and exposure analysis - Prioritize findings by risk and develop clear remediation guidance - Vulnerability Management - Deploy and manage vulnerability scanning platforms in customer environments - Configure and tune scanning platforms alongside customers, including patching strategy development - Analyze scan results, prioritize findings by severity and business impact, and guide remediation planning - Understand vulnerability types, severity frameworks (e.g., CVSS, vendor-specific), and how to communicate risk to customers - Consulting & Delivery - Participate in customer-facing activities: kickoff calls, technical interviews, working sessions, and findings presentations - Contribute to assessment reports and remediation roadmaps for technical and executive audiences - Communicate technical risk clearly to non-technical stakeholders - Tooling & Platform Development - Contribute to a custom-built cloud security assessment platform (AWS native services) - Develop and maintain custom security checks and automated compliance scanning tools - Work with AWS and Azure cloud infrastructure components - Write and maintain scripts for assessment automation and reporting Qualifications - Hands-on experience with at least one major cloud platform (AWS preferred; Azure, M365 also valued) - Understanding of cloud security posture management (CSPM) concepts and the differences between platform-level tools (e.g., Wiz) and assessment-focused tooling - Familiarity with compliance frameworks such as CIS Benchmarks, SOC2, PCI-DSS, or NIST - Understanding of vulnerability management concepts: vulnerability types, severity scoring, remediation prioritization - Strong communicator able to explain technical findings to both engineers and executives - Comfortable writing Python and working in Git - Experience with AI-assisted development and automation tools such as GitHub Copilot, Microsoft Copilot Studio and agent building, Power Automate, and Claude - Willingness to learn new tools and platforms quickly Requirements - 3–5 years’ experience in cloud security, vulnerability management, security consulting, or a related technical security role Certifications - Relevant certifications (AWS, Azure, CISSP, or similar), however, demonstrated experience matters more Compensation This information reflects the anticipated base salary range for this position based on current national data. Minimums and maximums may vary based on location. Individual pay is based on skills, experience and other relevant factors. - $67,703 - $90,270 in these states: AL, AR, AZ, FL, GA, IA, ID, IN, KS, KY, LA, ME, MO, MS, MT, ND, NE, NM, OH, OK, PA, SC, SD, TN, UT, VT, WI, WV, WY - $71,088 - $94,784 in these states: CO, HI, MI, MN, NC, NH, NV, OR, RI - $74,474 - $99,297 in these states: AK, CA, CT, DC, DE, IL, MA, MD, NJ, NY, TX, VA, WA Benefits - Lumen offers a comprehensive package featuring a broad range of Health, Life, Voluntary Lifestyle benefits and other perks that enhance your physical, mental, emotional and financial wellbeing.

• Coordinate the deployment, configuration, testing, monitoring, and ongoing maintenance of security technologies, including SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, URL filtering, email security, and application/vulnerability scanning platforms. • Lead small-to-medium-sized security initiatives from requirements gathering through design, testing, pilot execution, and implementation. • Support proof-of-concept evaluations and product assessments to ensure proposed solutions align with security strategy, standards, and industry best practices. • Act as a service or tool owner by identifying enhancements, maintaining operational runbooks, and recommending improvements for tools under your responsibility. • Develop and maintain procedures, workflows, architecture diagrams, and operational playbooks that support security monitoring and engineering activities. • Investigate and triage security events using technologies such as SIEM, EDR, DLP, WAF, CASB, Secure Web Gateway, and email security solutions. • Detect, respond to, and support investigations of security incidents while documenting root-cause analysis and lessons learned. • Follow established incident response procedures and playbooks, escalating critical findings appropriately and efficiently. • Apply analytical and adversarial thinking to identify, protect, detect, respond to, and recover from common cyber threats and attack vectors. • Perform and support secure baseline reviews, infrastructure scanning, endpoint scanning, application vulnerability assessments, penetration testing validation, and AI red-teaming exercises. • Review vulnerability findings for accuracy and completeness while partnering with stakeholders to prioritize remediation efforts based on risk. • Escalate critical vulnerabilities, zero-day threats, and high-priority risks while supporting rapid mitigation efforts. • Contribute to continuous improvements in vulnerability management workflows through automation and the integration of security testing into CI/CD pipelines. • Conduct security risk assessments for internal initiatives, product enhancements, vendors, and productivity tools. • Perform STRIDE-based threat modeling for internal projects and AI-enabled solutions, producing actionable recommendations and clear risk reports. • Apply a risk-based approach to evaluating Agentic AI technologies and AI-related security risks. • Conduct vendor risk assessments within OneTrust and support broader third-party risk management activities. • Identify opportunities to strengthen controls, improve processes, and enhance security outcomes across teams. • Stay informed on emerging threats, technologies, and industry best practices, sharing relevant insights with colleagues and stakeholders.