Oracle
Senior Principal Offensive Security Engineer (OCI)
Oracle, Nashville, Tennessee, United States, 37247
Senior Principal Offensive Security Engineer (OCI)
Base pay range: $120,100.00/yr - $251,600.00/yr Job Description The Oracle Cloud Infrastructure (OCI) Offensive Security team provides OCI with the capabilities to ensure our systems and services meet the security objectives we communicate to customers. The team performs security assessments, vulnerability research, static and dynamic analysis, penetration testing, red-teaming, and security tool development. We ensure the security of the software and hardware that runs our cloud infrastructure and strive for continuous improvement. We bring together the right people who enhance team capability and build roles around each team member's skills and interests. We value equity, inclusion, and respect for all and are committed to learning and growth. Learn more at https://cloud.oracle.com/cloud-infrastructure. Are you interested in building large-scale distributed security systems and tools for the cloud? This role offers huge upside potential, high visibility, and fast career growth. We are growing fast, maturing, and working on results-oriented initiatives. A security-focused leader can have significant technical and business impact. This is a unique opportunity to work with smart people to solve complex problems in distributed systems, security, and multi-tenant Infrastructure-as-a-Service (IaaS) at massive scale. Our ideal candidate is a hardworking and hands-on engineer who cares about security and improves their knowledge daily. We seek hands-on cloud hackers with expertise in identifying and exploiting complex security problems in distributed, multi-tenant services and infrastructure. Our customers run their businesses on our cloud, and our mission is to provide them with a best-in-class and ever-expanding set of cloud-based services. This role is for a hands-on cloud hacker on the Offensive Security Team. The team is targeting candidates in the U.S. who can work ONSITE in Nashville, TN (priority) or Austin, TX (secondary). Relocation assistance is provided. This is not a remote position. Must be a U.S. Citizen or Permanent Resident of the United States. Visa sponsorship is not available for this position. Responsibilities
You enjoy diving into complex source code audits to reveal subtle security vulnerabilities Writing new tools such as fuzzers in languages such as C/C++, Python, Ruby, Go or Java Tearing apart an undocumented file format or network protocol Coming up with novel techniques to solve unique and interesting security problems Reviewing new services and their integration points with existing services Guiding security projects beyond the scope of performing assessment work Identifying and disclosing vulnerabilities to 3rd party vendors Designing complex systems and services that improve the quantity or quality of offensive security output Reviewing features of moderate complexity in existing systems, identifying new risk areas, and working with service teams to mitigate them Driving organization-wide improvements in engineering practices, security architecture, operation practices, or development practices Collaborating across service teams and security stakeholders on security assessments Balancing business and security risk while applying expertise in a business-critical security area to advance the business Qualifications
6+ years of experience in vulnerability discovery / security engineering / application security Threat modeling experience of microservice architectures Experience working in a large cloud or software company Extensive research or experience with multiple classes of security bugs Evidence of contribution to the security community (training, thought leadership, conference talks, publications) Ability to improve security throughout the organization by identifying risks or opportunities and piloting improvements Subject matter expert in at least one business-critical area (e.g., cryptography, hardware security, operating systems, authentication protocols, fuzzing, DoS mitigation, networks, distributed systems) Collaborative track record between internal teams and external organizations Excellent organizational, verbal, and written communication skills Intermediate knowledge of Linux OS internals Advanced knowledge of at least one programming language and ability to read two high-level languages (e.g., Java) Preferred Qualifications
Undergraduate or graduate degree in Electrical Engineering, Computer Science, or related field, or equivalent work experience Hands-on experience developing services on a public cloud platform (e.g., AWS, Azure, Oracle) Experience building CI/CD pipelines with robust testing and deployment schedules Experience translating customer requests into prioritized work or features Expertise in applying risk identification techniques to develop security solutions Experience with cryptographic algorithms, standards, implementation, and application Experience with threat modeling, penetration testing, reverse engineering and attacks on software Experience working with large enterprise customers Active TS/SCI clearance Qualifications
Disclaimer:
Certain US customer or client-facing roles may require compliance with applicable requirements, such as immunization and occupational health mandates. Range and benefit information provided in this posting are specific to the stated locations only US: Hiring range in USD from: $120,100 - $251,600 per year. May be eligible for bonus, equity, and compensation deferral. Oracle maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations. Candidates are typically placed into the range based on factors including internal peer equity. Oracle US offers a comprehensive benefits package including medical, dental, vision, disability insurance, life insurance, 401(k) with company match, paid time off, holidays, sick leave, parental leave, and more. About Us: Oracle is an Equal Employment Opportunity Employer. Oracle does not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or any other legally protected status. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries: IT Services and IT Consulting We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr
Base pay range: $120,100.00/yr - $251,600.00/yr Job Description The Oracle Cloud Infrastructure (OCI) Offensive Security team provides OCI with the capabilities to ensure our systems and services meet the security objectives we communicate to customers. The team performs security assessments, vulnerability research, static and dynamic analysis, penetration testing, red-teaming, and security tool development. We ensure the security of the software and hardware that runs our cloud infrastructure and strive for continuous improvement. We bring together the right people who enhance team capability and build roles around each team member's skills and interests. We value equity, inclusion, and respect for all and are committed to learning and growth. Learn more at https://cloud.oracle.com/cloud-infrastructure. Are you interested in building large-scale distributed security systems and tools for the cloud? This role offers huge upside potential, high visibility, and fast career growth. We are growing fast, maturing, and working on results-oriented initiatives. A security-focused leader can have significant technical and business impact. This is a unique opportunity to work with smart people to solve complex problems in distributed systems, security, and multi-tenant Infrastructure-as-a-Service (IaaS) at massive scale. Our ideal candidate is a hardworking and hands-on engineer who cares about security and improves their knowledge daily. We seek hands-on cloud hackers with expertise in identifying and exploiting complex security problems in distributed, multi-tenant services and infrastructure. Our customers run their businesses on our cloud, and our mission is to provide them with a best-in-class and ever-expanding set of cloud-based services. This role is for a hands-on cloud hacker on the Offensive Security Team. The team is targeting candidates in the U.S. who can work ONSITE in Nashville, TN (priority) or Austin, TX (secondary). Relocation assistance is provided. This is not a remote position. Must be a U.S. Citizen or Permanent Resident of the United States. Visa sponsorship is not available for this position. Responsibilities
You enjoy diving into complex source code audits to reveal subtle security vulnerabilities Writing new tools such as fuzzers in languages such as C/C++, Python, Ruby, Go or Java Tearing apart an undocumented file format or network protocol Coming up with novel techniques to solve unique and interesting security problems Reviewing new services and their integration points with existing services Guiding security projects beyond the scope of performing assessment work Identifying and disclosing vulnerabilities to 3rd party vendors Designing complex systems and services that improve the quantity or quality of offensive security output Reviewing features of moderate complexity in existing systems, identifying new risk areas, and working with service teams to mitigate them Driving organization-wide improvements in engineering practices, security architecture, operation practices, or development practices Collaborating across service teams and security stakeholders on security assessments Balancing business and security risk while applying expertise in a business-critical security area to advance the business Qualifications
6+ years of experience in vulnerability discovery / security engineering / application security Threat modeling experience of microservice architectures Experience working in a large cloud or software company Extensive research or experience with multiple classes of security bugs Evidence of contribution to the security community (training, thought leadership, conference talks, publications) Ability to improve security throughout the organization by identifying risks or opportunities and piloting improvements Subject matter expert in at least one business-critical area (e.g., cryptography, hardware security, operating systems, authentication protocols, fuzzing, DoS mitigation, networks, distributed systems) Collaborative track record between internal teams and external organizations Excellent organizational, verbal, and written communication skills Intermediate knowledge of Linux OS internals Advanced knowledge of at least one programming language and ability to read two high-level languages (e.g., Java) Preferred Qualifications
Undergraduate or graduate degree in Electrical Engineering, Computer Science, or related field, or equivalent work experience Hands-on experience developing services on a public cloud platform (e.g., AWS, Azure, Oracle) Experience building CI/CD pipelines with robust testing and deployment schedules Experience translating customer requests into prioritized work or features Expertise in applying risk identification techniques to develop security solutions Experience with cryptographic algorithms, standards, implementation, and application Experience with threat modeling, penetration testing, reverse engineering and attacks on software Experience working with large enterprise customers Active TS/SCI clearance Qualifications
Disclaimer:
Certain US customer or client-facing roles may require compliance with applicable requirements, such as immunization and occupational health mandates. Range and benefit information provided in this posting are specific to the stated locations only US: Hiring range in USD from: $120,100 - $251,600 per year. May be eligible for bonus, equity, and compensation deferral. Oracle maintains broad salary ranges for its roles to account for variations in knowledge, skills, experience, market conditions and locations. Candidates are typically placed into the range based on factors including internal peer equity. Oracle US offers a comprehensive benefits package including medical, dental, vision, disability insurance, life insurance, 401(k) with company match, paid time off, holidays, sick leave, parental leave, and more. About Us: Oracle is an Equal Employment Opportunity Employer. Oracle does not discriminate on the basis of race, color, religion, sex, national origin, age, disability, or any other legally protected status. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law. Seniority level
Mid-Senior level Employment type
Full-time Job function
Information Technology Industries: IT Services and IT Consulting We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
#J-18808-Ljbffr