Software Developer 4

Join OCI's Edge Security team as a Principal Software Engineer focused on building and scaling Oracle Cloud Infrastructure's Web Application Firewall (WAF) platform. You will lead the design and development of highly available, cloud-scale services that protect customer applications from web-based threats, automate security enforcement, and deliver advanced traffic inspection and policy management capabilities across OCI's global infrastructure.

In this role, you will drive the architecture of distributed systems that power WAF features such as threat detection, rule evaluation, bot mitigation, API protection, and security analytics. You will partner closely with security engineers, product managers, and platform teams to deliver secure, performant, and reliable services while helping define the long-term technical vision for OCI's application security portfolio.

What you'll do

• Lead the architecture and delivery of cloud-scale backend services that power OCI's Web Application Firewall (WAF) platform.

• Design and evolve highly available policy management, rule evaluation, traffic inspection, bot mitigation, API protection, and security analytics services.

• Build scalable distributed systems that process and analyze high volumes of HTTP/HTTPS traffic while maintaining low latency and high reliability.

• Drive engineering excellence through software architecture reviews, design documentation, code quality standards, and operational best practices.

• Partner closely with Security Engineering, Product Management, SRE, and OCI platform teams to define and deliver next-generation application security capabilities.

• Establish robust observability through metrics, logging, tracing, alerting, and performance monitoring to ensure service health and customer visibility.

• Lead automation initiatives across the software development lifecycle, including CI/CD, testing frameworks, deployment automation, and Infrastructure-as-Code.

• Drive reliability, scalability, and operational readiness through capacity planning, incident response, root cause analysis, and continuous improvement.

• Mentor engineers, influence technical strategy across organizations, and help raise the engineering bar through design reviews and technical leadership., + Deliver core WAF capabilities that protect OCI customers from application-layer attacks while maintaining performance and availability.

• Launch customer-facing security features that provide visibility, protection, automation, and policy control at cloud scale.

• Improve the scalability, reliability, and operational maturity of OCI's application security platform.

• Raise engineering quality and technical standards through mentorship, architectural leadership, and continuous improvement initiatives.

Ways of working

• Security, privacy, and reliability by design with secure development practices embedded throughout the software lifecycle.

• Data-driven decision making supported by clear metrics, SLOs, operational reviews, and measurable customer outcomes.

• Collaborative engineering culture focused on design reviews, code reviews, technical excellence, knowledge sharing, and continuous learning.

Responsibilities

• Lead the architecture and delivery of cloud-scale backend services that power OCI's Web Application Firewall (WAF), API Security, and application protection capabilities.

• Design and evolve scalable policy management, rule evaluation, threat detection, bot mitigation, traffic inspection, and security analytics platforms with a focus on reliability, performance, and extensibility.

• Build highly available distributed systems that inspect and process large volumes of HTTP/HTTPS traffic while maintaining low latency and a seamless customer experience.

• Drive the technical strategy for application security services, partnering with Security Engineering, Product Management, Edge Infrastructure, and Platform teams to deliver new capabilities.

• Establish operational excellence through SLOs/SLAs, incident response processes, runbooks, root cause analysis, and continuous service improvement.

• Lead automation initiatives across the software development lifecycle, including CI/CD pipelines, testing frameworks, deployment automation, Infrastructure-as-Code, and developer productivity tooling.

Disclaimer:

Certain U.S. based or U.S. customer or client-facing roles may be required to comply with applicable requirements, such as immunization/occupational health mandates, and/or drug testing requirements.

• 7-10+ years building production software systems, including experience developing large-scale distributed services in cloud or SaaS environments.

• Strong proficiency in one or more of the following languages: Java, Go, Python, C++, or Rust.

• Deep expertise in distributed systems design, including scalability, resiliency, concurrency, fault tolerance, service communication, and API design.

• Strong understanding of HTTP/HTTPS, REST APIs, TLS, reverse proxies, caching, load balancing, and web application architectures.

• Experience building customer-facing platform services with strict requirements around availability, performance, and operational excellence.

• Proven experience with cloud-native technologies, including containers, Kubernetes, CI/CD pipelines, Infrastructure-as-Code, and automated testing frameworks.

• Strong software engineering fundamentals, including design patterns, performance optimization, code quality, and secure software development practices.

• Experience building observability solutions using metrics, distributed tracing, centralized logging, dashboards, and alerting systems.

• Demonstrated ability to lead complex technical initiatives and influence architecture decisions across multiple engineering teams.

• Excellent communication and collaboration skills with a track record of working effectively across engineering, security, product, and operations organizations.

Preferred Qualifications

• Experience building or operating Web Application Firewall (WAF), API Security, Bot Management, CDN, Edge Computing, or related security products.

• Knowledge of common web application attack vectors, including OWASP Top 10 vulnerabilities, credential abuse, automated attacks, and API threats.

• Experience with rule engines, policy evaluation systems, threat detection platforms, or traffic inspection technologies.

• Background building high-throughput analytics, telemetry, or event-processing pipelines for real-time security insights.

• Experience operating globally distributed services across multiple regions and availability domains.

• Familiarity with modern security architectures, Zero Trust principles, identity and access management, and secure service-to-service communication.

• Experience with compliance, audit readiness, and security-by-design development practices.

• Contributions to open-source software, security tooling, or cloud infrastructure projects are a plus.

Oracle uses Artificial Intelligence in our recruiting process. Read more about it in our Recruiting Privacy Policy (https://www.oracle.com/legal/privacy/recruiting-privacy-policy/) .

Range and benefit information provided in this posting are specific to the stated locations only

CA: Hiring Range in CAD from: $93,900 to $143,900 per annum.

US: Hiring Range in USD from: $99,600 to $234,600 per annum. May be eligible for bonus, equity, and compensation deferral.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following:

1. Medical, dental, and vision insurance, including expert medical opinion

2. Short term disability and long term disability

3. Life insurance and AD&D

4. Supplemental life insurance (Employee/Spouse/Child)

5. Health care and dependent care Flexible Spending Accounts

6. Pre-tax commuter and parking benefits

7. 401(k) Savings and Investment Plan with company match

8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

9. 11 paid holidays

10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

11. Paid parental leave

 Oracle offers integrated suites of applications plus secure, autonomous infrastructure in the Oracle Cloud. For more information about Oracle (NYSE: ORCL), please visit us at www.oracle.com.

Our mission is to help people see data in new ways, discover insights, unlock endless possibilities.