Principal Penetration Tester - TS/SCI Clearance Required

This role is within Oracle SaaS Cloud Security (SCS). This team is responsible for ensuring the protection of Oracle’s SaaS applications.

Oracle SaaS . Oracle Cloud applications, built on machine learning, offer the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle.

The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per will have the opportunity to work in a cloud-scale environment using the latest security technologies / tools and collaborate with the best minds in the industry, to collectively stay ahead and respond to increasing threats to cloud services.

You will be part of a team of penetration testers from around the world and will have opportunities to work, learn and share with these colleagues.

Most of the time you can work from home or any Oracle office, but this position requires someone who has and can maintain, a TS / SCI clearance and has the ability to work independently in a SCIF location part time.

SCIF locations are Reston VA, Austin TX, or Seattle WA.

Career Level - IC4

Detailed Description

Performs penetration testing and attack simulations for business critical infrastructure including internal servers, networks and applications to identify and document security flaws.

May also lead and supervise others completing these tasks. Researches and experiments with various methods attackers could use to exploit information security vulnerabilities.

Verifies and automates exploits by developing scripts for colleagues to utilize.

About you :

Successful applicants will possess the knowledge necessary to conduct ethical hacking activities and have experience doing so.

• Web applications, middle-ware, Kubernetes and Docker containers, databases, systems and networks.
• Ethical hacking activities will be focused primarily on network applications and Linux based operating systems, but will also include the entire stack that comprises the Oracle Cloud.
• Familiarity with the Linux command line and scripting languages and tools for pen testing is required. Especially Python, Bash, Burpsuite, Nessus, Metasploit, Kali and other commonly used pen testing tools.
• A background in web development and debugging is a plus, as is the ability to write scripts on an as needed basis.
• Holds relevant industry certifications such as OSCP / CREST CRT, CREST CCT Inf / App, OSCE, CISSP, GSEC, GPEN, GCFW, GWAPT, GAWN or equivalent.
• Holds a TS / SCI clearance and can work part time at one of our SCIF locations.
• Has knowledge of Common Vulnerabilities and Exposures (CVEs).

Disclaimer :

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Range and benefit information provided in this posting are specific to the stated locations only

US : Hiring Range : from $109,100 to $223,500 per annum. May be eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle’s differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following :

1. Medical, dental, and vision insurance, including expert medical opinion

2. Short term disability and long term disability

3. Life insurance and AD&D

4. Supplemental life insurance (Employee / Spouse / Child)

5. Health care and dependent care Flexible Spending Accounts

6. Pre-tax commuter and parking benefits

7. 401(k) Savings and Investment Plan with company match

8. Paid time off : Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position.

Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment.

Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

9. 11 paid holidays

10. Paid sick leave : 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

11. Paid parental leave

12. Adoption assistance

13. Employee Stock Purchase Plan

14. Financial planning and group legal

15. Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.