Oracle Penetration Tester 4 in Troy, Michigan
Performs penetration testing and attack simulations on business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws.
Performs penetration testing and attack simulations for business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws. May also lead and supervise others competing these tasks. Self-scoping assessments. Researches and experiments with various methods attackers could use to exploit information security vulnerabilities. Develops standard methodologies and techniques for conducting penetration testing, including developing standard tool-sets and automating testing. Oversees and directs security testing activities within specific Oracle Lines of Businesses. Completes threat assessment reports that outline penetration test findings and presents findings to management. Verifies and automates exploits by developing scripts for colleagues to utilize.
Minimum 8 years combined experience from at least three of the following: security testing, systems development, systems administration, network administration, scripting, and security testing automation required. Preferred but not required qualifications include: BS or MS in Computer Science, Computer Security or Computer Engineering. Holds relevant industry certifications such as OSCP/ CREST CRT, CREST CCT Inf/App, OSCE, CISSP, GSEC, GPEN, GCFW, GWAPT, GAWN or equivalent. Has Common Vulnerabilities and Exposures (CVEs). Has contributed to an open source project.
This is a remote/office based position which may be performed anywhere in the United States except for within the state of Colorado.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
Product Security Role
Who We Are
At Oracle Data Cloud (ODC) we unlock hidden potential with data. In the fast-paced world of digital advertising, ODC has built its legacy on finding the signal through the noise. Whatever corner of the industry you’re in: brands, agencies, publishers, or technology platforms, we bring together data and technology that helps you better understand your audience, where to best engage them, and how to measure it all.
What We’re Looking For
ODC is looking for a Principal Product Security Engineer that has deep experience with a variety of programming languages, an in depth understanding of software development processes and experience securing products in an Agile development environment. This individual will report to the Director of Offensive Security of Oracle Data Cloud.
In an average day, you will review code for security flaws, commit enhancements to new or existing code, sit with development teams and engineers, and help to educate developers about security best practices according to Oracle standards and guidelines. It is important to be comfortable writing and checking in code, analyzing output from SAST/DAST tooling, also have a strong understanding of software security vulnerabilities. As such, this is a technical role and involves hands-on application of software security.
You are passionate about security, like learning new things and are comfortable making decisions in situations of uncertainty.
Demonstrate initiative by suggesting modifications to existing tools or technologies or developing new tools that improve security for the business.
Experience working in an Agile/SAFe development environment and communicating the value of security to developers or other engineers.
Use your deep technical experience to guide discussions, designs and planning in a collaborative environment with multiple stakeholders.
Strong background in software security, including assessments, patching, filtering, SDLC and best practices.
Understanding of CVEs, vulnerabilities, triage, and prioritization.
Ability to identify configuration flaws, and how adversaries might leverage them.
Experience securing REST APIs and web services.
Experience using and implementing SAST / DAST tools such as Fortify, Veracode, Checkmarx, or other similar tools.
Familiarity with software library vulnerability scanning and tracking tools such as BlackDuck, Whitesource, and so on.
Automation and cloud
Experience working in large scale cloud environments such as AWS, OCI, and others.
Background with data including Spark, Hadoop, and traditional databases such as MySQL.
Use your experience with DevSecOps, CI/CD, Containers and microservices to insert security into our build and deployment processes. We are looking for individuals who know how to use tools like CloudFormation, Terraform, GitLab, Docker and Kubernetes.
Comfortable implementing security on high-volume, low-latency Internet solutions. We have real-time API’s that receive over 10 billion requests per day from our partners and clients.
Security research and metrics
Background training or coaching engineering teams in security best practices.
Have experience writing code to automate security processes or build security tooling.
Ability to define and produce metrics.
Assist other teams in making product security operational.
You are comfortable juggling multiple projects and can self-prioritize as needed.
Keep up to date with existing and emerging security technologies that can be adopted at ODC.
Come Join Our Team
It’s not every day you find an organization with more than 1,500 people that acts like a start-up. When you join Oracle Data Cloud, you’re more than just an employee – you are part of a team. If you are the type of person who likes being hands on, wants to help secure software and are deeply passionate about security we want to talk to you.
Benefits and Perks
Comprehensive Medical/Dental/Vision, 401k match, ESPP, Equity, Casual work environment, Flexible schedules, Game / break rooms, Maternity & Paternity programs, Collaborative offices, Referral programs and Training opportunities.
Job: *Information Security Engineering
Title: Penetration Tester 4
Location: United States
Requisition ID: 210009AX