OCI Junior Penetration Testing Engineer-1900153A
The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world’s biggest challenges.
We offer unique opportunities for smart, hands-on engineers with the expertise and passion to solve difficult problems in distributed highly available services and virtualized infrastructure. At every level, our engineers have a significant technical and business impact designing and building innovative new systems to power our customer’s business critical applications.
Offensive Security – Junior Penetration Testing Engineer
Are you interested in building large-scale distributed infrastructure for the cloud? Oracle's Cloud Infrastructure team is building new Infrastructure-as-a-Service technologies that operate at high scale in a broadly distributed multi-tenant cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with best in class compute, storage, networking, database, security and an ever expanding set of foundational cloud-based services.
We're looking for hands-on security engineers with expertise and passion in solving difficult security problems in distributed, multi-tenant services and infrastructure. If this is you, at Oracle you can help design and build innovative new systems from the ground up. These are exciting times in our space - we are growing and working on ambitious new initiatives. A security-focused engineer at any level can have significant technical and business impact.
Within OCI, the Offensive Security team conducts penetration tests, hardware security research, and operates our red team. We ensure the security of software and hardware that run our cloud infrastructure, and strive to continuously improve our security stance. The OCI Offensive Security group works as a team. We don't try to fit people into predefined roles. We bring together the right people who can enhance the capability of the team, and build roles around the person's skills and interests. To get you excited, here is a list of some of the projects over the last year this team has worked on:
- Big iron - ExaLogic, ExaData, UltraSPARC, InfiniBand
- Firmware reverse engineering of various hardware components
- Developing custom fuzzing platforms for code-coverage analysis
- Several different hypervisors
- Linux and Windows kernel mode non-sense
- The list goes on and on!
As a Penetration Testing Engineer, you will be working closely with software engineers from the various cloud service teams to build a secure architecture that is fundamentally sound and efficient. Your influence over the design of the full system architecture is critical. You should be familiar with security at all levels of the software, hardware, and network stack; while being exceptionally deep in a few. Intellectual curiosity and an excitement for the challenges of securing complex, massive systems is a must. You should value simplicity and usability as well as security and work comfortably in a collaborative, agile environment.
Some of our people have qualifications like the ones listed below. Our ideal candidate is passionate about security and furthering their knowledge every day. You enjoy diving into complex source code audits to reveal subtle security vulnerabilities, writing new tools such as fuzzers in languages such as C/C++, Python, Ruby, Go or Java, tearing apart an undocumented file format or network protocol and coming up with novel techniques to solve unique and interesting security problems. We hope you like working at scale as much as we do much as we do, because Oracle has no shortage of it.
Things you'll do:
- Penetration testing
- Hardening of network, software and firmware
- Security tool development (e.g. scanning tools)
- Security metrics definition and delivery
- Consult across different software development teams
- Attack vector modeling
- Champion secure coding practices
- Bachelor’s or Master’s degree in Computer Science or related field
- Demonstrated history of vulnerability discovery (CVEs, etc.)
- Experience working in a large cloud or Internet software company preferred
- Strong application/product/software security background
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Excellent organizational, verbal and written communication skills
- Ability to succeed through collaboration and working through internal and external organizations and individuals
- Prior DevOps or continuous delivery and deployment experience preferred
- OSCP, OSCE, CREST and other industry certifications are a plus
Oracle is an equal opportunity employer. OCI empowers a diverse team, and we strive to involve as many perspectives as possible in our innovation process. All applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic other than merit.
Detailed Description and Job Requirements
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
As a member of the software engineering division, you will apply basic to intermediate knowledge of software architecture to perform software development tasks associated with developing, debugging or designing software applications or operating systems according to provided design specifications. Build enhancements within an existing software architecture and occasionally suggest improvements to the architecture.
Duties and tasks are standard with some variation; displays understanding of roles, processes and procedures. Performs moderately complex problem solving with assistance and guidance in understanding and applying company policies and processes. BS degree or equivalent experience relevant to functional area. 1 year of software engineering or related experience.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.