Principal Security Pentester - OASE

Who are we?

Oracle Analytics organization plays a meaningful role in delivering and supporting best-of-breed cloud solutions to Oracle customers.

The Service Excellence team at Oracle Analytics Cloud (OAC) is on the verge of redefining the development paradigms at software giant. With the world moving towards the Cloud, Oracle is at the forefront with tremendous portfolio of Cloud offerings.

However, this transformation happens not just at the product level, but also in the process of developing, deploying, and operating these products in the Cloud. Using a combination of ground breaking technologies, continuous process improvements and innovative business transformation methodologies, a small group of us are inventing on the Service Excellence philosophy.

Position Overview:

A unique opportunity to join a rapidly growing outstanding organization, working in the Oracle Analytics Security team tasked with enabling Oracle’s large-scale business to seamlessly operate in multiple Cloud Environments.  This mission is achieved by helping the Oracle Analytics lines of business scale up and out and meet regulatory demands in global markets.

To help combat emerging threats, Oracle employs an innovative Assume Breach strategy and leverages highly niche groups of security experts to strengthen threat detection, response and defense for its enterprise cloud services.

Role & Responsibilities

We are looking for hands-on Security Analyst with hacker (Red, Black-box) and cloud pen-testing expertise with passion in identifying and exploiting complex Security problems in distributed, multi-tenant services and infrastructure to help keep our services secure.

Oracle Cloud Infrastructure (OCI) provides Infrastructure-as-a-Service. We operate distributed systems at a high scale, worldwide. These are the foundation of our cloud environments.  Our customers run their businesses on our cloud, and our mission is to provide them with an outstanding and ever-expanding set of cloud-based services from Oracle Analytics.

Within Oracle Analytics Service Excellence org, our Security team conducts penetration testing, hacking, vulnerability discovery / security engineering / Application Security, security reviews, research, and serves as red team. We ensure the security of software and hardware that run our cloud services strive to continuously improve our security stance.

These are exciting times in our space.  We are growing fast, still at an early stage and working on ambitious new initiatives. A security-focused engineer at any level can have significant technical and business impact.  Come shape the future of one of the largest cloud services on earth with us.

Career Level - IC4

The candidate must have knowledge and experience with:

• Oracle Cloud Infrastructure (OCI) and/or AWS, Azure, or GCP compute, storage, and network operational experience.
• Methodical approaches to fixing and solving complex technical problems
• Issue tracking and teamwork (Jira and Confluence).
• Producing documentation in support of developed work (KBs, run books, help guides).
• Linux/Unix system administration including system level knowledge of Linux on OCI Gen 2, creating and completing scripts.
• Networking and TCP/IP fundamentals.
• Applying agile methodologies.
• Working with remote, global teams as well as individuals.
• Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff as we as team environment
• Working independently and in a self-directed manner.

  Preferred Qualifications

• proven experience in Security application / penetration (Red/Black-box) / vulnerabilities
• Strong application/product/software security background
• Vulnerability discovery across Cloud services
• Extensive research or experience with multiple classes of security bugs
• Emergent threat testing
• Understand internet networking services, such as DNS, HTTP, etc.
• Programming and scripting languages (Python, Java, bash are our preferred)
• Using Ci/CD scripting tools such as Ansible, Puppet, or Chef.
• Containers and orchestration (Docker, Kubernetes).
• Oracle Database, MySQL or other RDBMS.
• Used Kali Linux, BurpSuite, Postman, Nmap.Nessus, Wireshark

  Top 3 abilities / technologies in the ideal candidate:

• Demonstrated competence in managing large scale cloud Security projects
• Security lifecycle, Security Pen-testing, hacking
• Strong sense of ownership, accountability and drive

Minimum of 8 years related experience in an information security role supporting security programs and security engineering/architecture in complex enterprise environments. Hands on experience with enterprise security architecture, engineering and implementation required.
Knowledge of compliance program security controls, like ISO 27001, SOC 2, HITRUST, and FedRAMP, as applied to cloud SaaS, PaaS and IaaS operations.
Familiarity with SDLC principles and scripting & programming languages (such as Terraform, Python, and Ruby).
Strong knowledge of:  Cloud architecture and security principles.  Risk Management Frameworks.  *nix and Windows system administration.
Experience with: Logging and log analysis.  Identity management principles and technology.
Preferred but not required qualifications include:
Bachelor-level university degree in a relevant field from an accredited university, or equivalent.  
Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods.
Knowledge of database security principles.
Knowledge of encryption technologies and architectures.
Expert level experience in evaluating and assessing security threats across a variety of environments and industries.
Expert level understanding of secure networking principles, routers, switches and load balancers.

This job requires proficiency in the English language. Oracle is a global company with operations in dozens of countries around the world and our teams, including the team this position is part of, are comprised of individuals located in various jurisdictions. As is required of employees in all jobs at Oracle in North America, candidates for this position are required to understand, and communicate, in English so that in the course of performing their work, they can interact with teammates in other locations who are not fluent in the French language.

For applicants located in the Province of Quebec, a basic proficiency of the French language is required.

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s problems. True innovation starts with diverse perspectives and various abilities and backgrounds.

When everyone’s voice is heard, we’re inspired to go beyond what’s been done before. It’s why we’re committed to expanding our inclusive workforce that promotes diverse insights and perspectives.

We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by calling +1 888 404 2494, option one.

Disclaimer:

Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

* Which includes being a United States Affirmative Action Employer