Applicants are required to read, write, and speak the following languages: English
Cloud Native Environment (CNE) is a strategic component built on top of the Oracle Cloud Infrastructure (OCI), Oracles second generation IaaS for providing critical cloud services to multiple Oracle Global Business Unit (GBU) applications.
CNE provides a microservice-driven platform, software delivery toolchain, and a continuous integration/continuous delivery operations model to support high margin, highly elastic, and highly available SaaS applications. The CNE Offensive Security team is part of the overall CNE Security group, which actively collaborates with a variety of internal and partner organizations to ensure the CNE environment is secure in all aspects of the software development lifecycle, application deployment and operations.
Security Penetration Tester is a key individual contributor role with accountability for researching, detecting, and exploiting security vulnerabilities in the GBU CNE platform and Oracle SaaS applications deployed there. Successful candidate will be leveraging adversarial testing and assurance techniques and devise novel approaches to solving unique security challenges of a native cloud environment.
Performing application testing and security assessments at the application and service levels Executing manual penetration tests and validation of vulnerability scan results Conducting Security research to remain up to date on the latest Cloud Native security threats Providing assessment reports of findings and consult with developers on mitigation strategies Writing new fuzzing and testing tools for assessments of proprietary frameworks and protocols Reverse-engineering undocumented file formats and protocols as part of assessments
Advanced knowledge in system exploits, network exploitation, mobile platform and application hacking, web application exploitation Proficiency in programming and/or scripting languages (e.g. C/C++, Python, Java, Go, Ruby, JS etc). Prior experience in Threat modeling Experience with Linux and Bash shell scripting Knowledge of network and web-related protocols (e.g., TCP/IP, UDP, DHCP, DNS, HTTP, HTTPS, routing protocols) Ability to conduct independent security research Hands-on experience with fuzz testing to identify vulnerabilities and security risks in different Protocols and interfaces Knowledge of cloud-based security principles; cloud security vulnerabilities and their best practices Hands-on experience in Kali, Metasploit, Bugtraq or similar pentesting platforms and relevant tools Bachelors degree in Computer Science/ IT or equivalent experience 5+ years of experience in vulnerability discovery / security engineering / application security
Experience in pentesting DevSecOps/Containers/Kubernetes/Microservices is strongly preferred Hardware security (hardware hacking) Experience with multiple operating systems/programming platforms Familiarity with microservices architecture Experience with Cloud Native technologies like Docker, Kubernetes, etc
OSCP, OSCE, CCSP, and/or other comparable certifications Oracle Cloud Infrastructure Architect Professional Cloud Solutions Architect Certified
Detailed Description and Job Requirements
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
As a member of the software engineering division, you will assist in defining and developing software for tasks associated with the developing, debugging or designing of software applications or operating systems. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs.
Duties and tasks are varied and complex needing independent judgment. Fully competent in own area of expertise. May have project lead role and or supervise lower level personnel. BS or MS degree or equivalent experience relevant to functional area. 4 years of software engineering or related experience.