Apply on Employer Site

Oracle · 1 day ago

Senior Principal Offensive Security Engineer (OCI)

Nashville, TN

Full-time

Onsite

Senior Level, Lead/Staff

$120K/yr - $252K/yr

6+ years exp

Oracle is a world leader in cloud solutions, and they are seeking a Senior Principal Offensive Security Engineer to join their Cloud Infrastructure team. This role involves conducting security assessments, vulnerability research, and developing security tools to ensure the integrity of Oracle's cloud services.

Data GovernanceData ManagementEnterprise SoftwareInformation TechnologySaaSSoftware

No H1B

Security Clearance Required

U.S. Citizen Only

Responsibilities

You enjoy diving into complex source code audits to reveal subtle security vulnerabilities

Writing new tools such as fuzzers in languages such as C/C++, Python, Ruby, Go or Java

Tearing apart an undocumented file format or network protocol

Coming up with novel techniques to solve unique and interesting security problems

Review new services, including their integration points with existing services

Guide security projects beyond the scope of performing assessment work

Identify and disclose vulnerabilities to 3rd party vendors

Design complex systems and services that improve quantity or quality of offensive security output

You'll reviews new features of moderate complexity in existing systems, identifying areas of new risk created; work with service teams to explore and recommend mitigations; and collaborate across service teams and security stakeholders

Review new services, including their integration points with existing services

Guide security projects beyond the scope of performing assessment work: identifying and disclosing vulnerabilities to 3rd party vendor or design of complex systems and services that improve quantity or quality of offensive security output

You'll drive organization wide improvement in the form of engineering practices, security architecture, operation practices or development practices

You'll reviews new services and their integration points with other services; guides security assessments of our most complex or important products, and is independently capable of balancing business and security risk; and apply your expertise in business-critical security area to advance the business relative to the industry

Qualification

Vulnerability discoverySecurity engineeringApplication securityThreat modelingCloud platform experienceSecurity community contributionLinux OS InternalsProgramming languagesCommunicationCollaborative track recordOrganizational skills

Required

6+ years of experience in vulnerability discovery / security engineering / application security

Threat modeling experience of microservice architectures

Experience working in a large cloud or software company

Extensive research or experience with multiple classes of security bugs

Evidence of contribution to the security community in the form of conducting training / thought leadership / conference talks / publications

Improve security throughout the organization, identifying areas of risk or opportunities for improvement and piloting them

Be a subject matter expert in at least one business-critical area (e.g. cryptography, hardware security, operating systems, authentication protocols, fuzzing, DoS mitigation, networks, distributed systems)

Collaborative track record working between internal teams and external organizations

Excellent organizational, verbal and written communication skills

Intermediate knowledge of Linux OS Internals

Advanced knowledge of one programming language and ability to read two high level programming language such as Java

Preferred

Undergraduate or Graduate degree in Electrical Engineering, Computer Science, or another related field or equivalent work experience

Hands-on experience developing services on a public cloud platform (e.g., AWS, Azure, Oracle)

Building continuous integration/deployment pipelines with robust testing and deployment schedules

Experience working with internal customers and translating requests into prioritized work or features

Expertise in applying risk identification techniques to develop security solutions

Experience and understanding of Cryptographic algorithms, standards, implementation and application

Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software

Experience working with large enterprise customers

Active TS/SCI Clearance

Benefits

Medical, dental, and vision insurance, including expert medical opinion

Short term disability and long term disability

Life insurance and AD&D

Supplemental life insurance (Employee/Spouse/Child)

Health care and dependent care Flexible Spending Accounts

Pre-tax commuter and parking benefits

401(k) Savings and Investment Plan with company match

Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

11 paid holidays

Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

Paid parental leave

Adoption assistance

Employee Stock Purchase Plan

Financial planning and group legal

Voluntary benefits including auto, homeowner and pet insurance