Description

Oracle Cloud Security Incident Response is looking for a Principal-level analyst to join a global team of professionals that investigates suspected security incidents. We are seeking a well-rounded, experienced analyst who is capable of investigating artifacts throughout the entire technology stack to identify, mitigate, timeline, and remediate threats to Oracle's assets. A strong candidate will have experience performing forensic investigations across networks, hardware, software, cloud services, and applications. Exposure to many commercial SIEM, EDR, AV, and scanning technologies is a must; however, the candidate must understand the fundamentals of computer forensics so that investigations do not depend on any vendor-specific security tooling. If you are looking to uplevel your global impact and be part of a growing team of elite analysts, please apply.

Career Level - IC4

Responsibilities

- Lead investigations of suspected security incidents while collaborating seamlessly across Oracle teams and organizations at a global level.
- Perform all aspects of the incident response lifecycle, from containment and mitigation through reporting, recovery, and remediation.
- Identify and develop indicators of compromise and implement them in security tooling for scoping and mitigation.
- Analyze host and network forensic artifacts on both Windows and Linux systems to determine threat actor activity.
- Build scripts to automate collection, processing, analysis, and triage tasks.
- Leverage logs and live host artifacts to identify reconnaissance, privilege escalation, lateral movement, and execution.
- Create timelines of attacker activity discovered throughout investigations for inclusion in final reports.
- Write technical reports and documentation covering all findings of an investigation.
- Improve the incident response program by identifying gaps in coverage, tooling, training, documentation, compliance, and incident response capabilities.
- Mentor junior analysts on next steps during investigations and develop training for any new analysis techniques discovered.
- Maintain current knowledge of threat actors' tactics, techniques, and procedures and the corresponding detection methods.
- Demonstrate excellent technical written and verbal communication skills while leading investigations.
- Work independently and remotely using VPN, remote desktop, email, chat, and video conferencing.