Principal Security Pentester - OASE

Job Description

Who are we?

Oracle Analytics organization plays a meaningful role in delivering and supporting best-of-breed cloud solutions to Oracle customers.

The Service Excellence team at Oracle Analytics Cloud (OAC) is on the verge of redefining the development paradigms at software giant. With the world moving towards the Cloud, Oracle is at the forefront with tremendous portfolio of Cloud offerings.

However, this transformation happens not just at the product level, but also in the process of developing, deploying, and operating these products in the Cloud. Using a combination of ground breaking technologies, continuous process improvements and innovative business transformation methodologies, a small group of us are inventing on the Service Excellence philosophy.

Position Overview :

A unique opportunity to join a rapidly growing outstanding organization, working in the Oracle Analytics Security team tasked with enabling Oracle's large-scale business to seamlessly operate in multiple Cloud Environments. This mission is achieved by helping the Oracle Analytics lines of business scale up and out and meet regulatory demands in global markets.

To help combat emerging threats, Oracle employs an innovative Assume Breach strategy and leverages highly niche groups of security experts to strengthen threat detection, response and defense for its enterprise cloud services.

Responsibilities displayed in the job posting

Role & Responsibilities

We are looking for hands-on Security Engineer with hacker (Red, Black-box) and cloud pen-testing expertise with passion in identifying and exploiting complex Security problems in distributed, multi-tenant services and infrastructure to help keep our services secure.

Oracle Cloud Infrastructure (OCI) provides Infrastructure-as-a-Service. We operate distributed systems at a high scale, worldwide. These are the foundation of our cloud environments. Our customers run their businesses on our cloud, and our mission is to provide them with an outstanding and ever-expanding set of cloud-based services from Oracle Analytics.

Within Oracle Analytics Service Excellence org, our Security team conducts penetration testing, hacking, vulnerability discovery / security engineering / Application Security, security reviews, research, and serves as red team. We ensure the security of software and hardware that run our cloud services strive to continuously improve our security stance.

These are exciting times in our space. We are growing fast, still at an early stage and working on ambitious new initiatives. A security-focused engineer at any level can have significant technical and business impact. Come shape the future of one of the largest cloud services on earth with us.

Qualifications :

Some of our people have qualifications like the ones listed below. Our ideal candidate is passionate about security and fostering their knowledge every day. You enjoy diving into complex source code, audits to reveal subtle security vulnerabilities, writing new tools such as fuzzers in languages such as Python, Go or Java, tearing apart an undocumented file format or network protocol and coming up with novel techniques to solve outstanding and exciting security problems. We hope you like working at scale as much as we do much as we do, because Oracle has no shortage of it. Come join us today!

General Qualifications

The candidate must have knowledge and experience with :

Oracle Cloud Infrastructure (OCI) and / or AWS, Azure, or GCP compute, storage, and network operational experience.

Methodical approaches to fixing and solving complex technical problems

Issue tracking and teamwork (Jira and Confluence).

Producing documentation in support of developed work (KBs, run books, help guides).

Linux / Unix system administration including system level knowledge of Linux on OCI Gen 2, creating and completing scripts.

Networking and TCP / IP fundamentals.

Applying agile methodologies.

Working with remote, global teams as well as individuals.

Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff as we as team environment

Working independently and in a self-directed manner.

Preferred Qualifications

proven experience in Security engineering / application / penetration (Red / Black-box) / vulnerabilities

Strong application / product / software security background

Vulnerability discovery across Cloud services

Extensive research or experience with multiple classes of security bugs

Emergent threat testing

Understand internet networking services, such as DNS, HTTP, etc.

Programming and scripting languages (Python, Java, bash are our preferred)

Using Ci / CD scripting tools such as Ansible, Puppet, or Chef.

Containers and orchestration (Docker, Kubernetes).

Oracle Database, MySQL or other RDBMS.

Used Kali Linux, BurpSuite, Postman, Nmap.Nessus, Wireshark

Top 3 abilities / technologies in the ideal candidate :

Demonstrated competence in managing large scale cloud Security projects

Security lifecycle, Security Pen-testing, hacking

Strong sense of ownership, accountability and drive

Career Level - IC4

Responsibilities

Responsible for advanced planning, design and build of security systems, applications, environments and architectures; oversees the implementation of security systems, applications, environments and architectures and ensures compliance with information security standards and corporate security policies and procedures.

Provides technical advice and direction to support the design and development of secure architectures.

May participate in an incident management team, bringing advanced-level skills to respond to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis. Coordinates incidents with other business units and may act as Incident Commander of serious incidents. Develops new methods, and playbooks, as well as sophisticated scripts, applications, and tools, and trains others in their use.

May participate in an incident management team, responding to security events in line with Oracle incident response playbooks. Investigates purported intrusions and breaches, and oversees root cause analysis. Coordinates incidents with other business units and may act as incident commander of serious incidents. Participates in developing new methods, playbooks throughout Oracle.

Evaluates existing and proposed technical architectures for security risk, provides technical advice to support the design and development of secure architectures and recommends security controls to mitigate those risks. Evaluations of internal security architecture may include design assessment, risk assessment, and threat modeling.

Brings advanced-level skills to research, evaluate, track, and manage information security threats and vulnerabilities in situations where in-depth analysis of ambiguous information is required, and where computer programming / scripting knowledge is required.

Work with Senior management to develop and implement a multi-year security roadmap

Focus on operational and strategic level tasks, and provide counsel and guidance to the junior level security operations engineers in the department.

Disclaimer :

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Range and benefit information provided in this posting are specific to the stated locations only

CA : Hiring Range in CAD from : $76,700 to $167,600 per annum.

US : Hiring Range in USD from : $109,200 to $223,400 per annum. May be eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following :

Medical, dental, and vision insurance, including expert medical opinion

Short term disability and long term disability

Life insurance and AD&D

Supplemental life insurance (Employee / Spouse / Child)

Health care and dependent care Flexible Spending Accounts

Pre-tax commuter and parking benefits

401(k) Savings and Investment Plan with company match

Paid time off : Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

11 paid holidays

Paid sick leave : 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

Paid parental leave

Adoption assistance

Employee Stock Purchase Plan

Financial planning and group legal

Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.

This job requires proficiency in the English language. Oracle is a global company with operations in dozens of countries around the world and our teams, including the team this position is part of, are comprised of individuals located in various jurisdictions. As is required of employees in all jobs at Oracle in North America, candidates for this position are required to understand, and communicate, in English so that in the course of performing their work, they can interact with teammates in other locations who are not fluent in the French language.

For applicants located in the Province of Quebec, a basic proficiency of the French language is required.

About Us

As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity.

We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.