Offensive Security Engineer

Job Description

Responsible for advanced security testing of Oracle applications and services (primarily SaaS-related) including but not limited to covert red team operations, security research and white box penetration testing, exploit development, and black box penetration testing.

Responsibilities

This team is responsible for ensuring the protection of Oracle's SaaS applications and services.

Oracle SaaS (a.k.a. Oracle Cloud applications), built on machine learning, offers the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle.

The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day. You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead of and respond to increasing threats to cloud services. And you will actively engage in conducting proactive security research and white box penetration testing, including the development of working proof of concept exploits; reactive security research based on industry trends as well as security incidents related to Oracle; covert red team operations; black box penetration tests; and other types of work involving collaboration with various security and engineering teams within Oracle SaaS.

About You

Successful applicants will possess the knowledge necessary to conduct ethical hacking activities on:

• SaaS applications
• SaaS host and network environments
• Web applications
• APIs
• Java-based technologies
• Databases
• AI/ML technologies
• Internally facing tools

The team that is hiring will have members who may possess different sets of advanced offensive security skills. Some of the advanced skills needed include:

• Red team custom implant development primarily in a Linux environment (non-Linux OS environments also present but less numerous)
• Red team campaign execution
• Red team infrastructure support (i.e., Terraform, Ansible, cloud products, etc.)
• Security research and code review
• Proof of concept exploit/malware development

Minimum Qualifications

• 5+ years of experience in offensive security, with at least 3 years of recent experience with red team operations or security research
• BS in Computer Science, or equivalent experience
• Deep familiarity with Linux and attack tooling is required
• Ability to work in a collaborative, cross-functional team environment
• In depth knowledge of security vulnerabilities including a detailed understanding of the OWASP top 10, secure design and secure coding principles
• Ability to prioritize and handle concurrent assignments or projects
• Excellent team player, willing to share knowledge and skills with peers and team members
• Strong presentation, written and verbal communication skills
• Experience with security testing tools including static analysis, web application testing, infrastructure and network testing, and manual security testing required

Preferred Qualifications

• Proficient in multiple programming and scripting languages including any of the following: Java, C#, C, Go, Rust, Scala, Ruby, Python, Bash/sh, Powerscript, JavaScript, or other object-oriented languages
• Experience leading red team campaigns from start to finish with high success rate and low detection rate
• Experience in building covert command and control (C2) implants designed to evade host-based and network-based detection capabilities
• Proven ability (i.e., published CVEs, etc.) to discover and exploit complex security vulnerabilities and vulnerability chains to achieve remote code execution (RCE)
• Experience with AI red teaming or penetration testing
• Advanced security certifications relevant to white box penetration testing and red team operations such as: OSCP, OSCE, OSWE, OSEP, OSED, OSEE, OSCE3, CRTP, CRTE, CRTM, GXPN

About Us

Only Oracle brings together the data, infrastructure, applications, and expertise to power everything from industry innovations to life-saving care. And with AI embedded across our products and services, we help customers turn that promise into a better future for all. Discover your potential at a company leading the way in AI and cloud solutions that impact billions of lives.

True innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing a workforce that promotes opportunities for all with competitive benefits that support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling 1-888-404-2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Key skills/competency

• Red Teaming
• Penetration Testing
• Exploit Development
• Security Research
• SaaS Security
• Cloud Security
• Linux
• OWASP Top 10
• Vulnerability Assessment
• Ethical Hacking