Job Information
Oracle Penetration Tester 4 in Salt Lake City, Utah
Performs penetration testing and attack simulations on business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws.
Performs penetration testing and attack simulations for business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws. May also lead and supervise others competing these tasks. Self-scoping assessments. Researches and experiments with various methods attackers could use to exploit information security vulnerabilities. Develops standard methodologies and techniques for conducting penetration testing, including developing standard tool-sets and automating testing. Oversees and directs security testing activities within specific Oracle Lines of Businesses. Completes threat assessment reports that outline penetration test findings and presents findings to management. Verifies and automates exploits by developing scripts for colleagues to utilize.
Minimum 8 years combined experience from at least three of the following: security testing, systems development, systems administration, network administration, scripting, and security testing automation required. Preferred but not required qualifications include: BS or MS in Computer Science, Computer Security or Computer Engineering. Holds relevant industry certifications such as OSCP/ CREST CRT, CREST CCT Inf/App, OSCE, CISSP, GSEC, GPEN, GCFW, GWAPT, GAWN or equivalent. Has Common Vulnerabilities and Exposures (CVEs). Has contributed to an open source project.
Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.
This role is within Oracle SaaS Cloud Security. This team is responsible for ensuring the protection of Oracle s SaaS applications.
Oracle SaaS a.k.a. Oracle Cloud applications, built on machine learning, offer the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle. The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day.
You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead and respond to increasing threats to cloud services. And you will actively engage in conducting black box application security testing - complementing what the development teams do in a more holistic and more integrated setting through the security automation and tooling. Team responsibilities will include Dynamic App Security Testing/Fuzz Testing, Interactive / manual App security testing, network/OS security testing, firewall rules, security verifications.
About you:
Successful applicants will possess the knowledge necessary to conduct ethical hacking activities on;
web applications, middle-ware, Java containers/technologies,databases, systems and networks
Ethical hacking activities will be focused primarily on network applications and operating systems, but will also include the entire stack that comprises the Oracle Cloud
Familiarity with linux commandline and command line based scripts and tools for pen testing is required.
A background in web development and debugging is a plus, as is knowledge of common web application penetration testing tools and the ability to write/scripts and additional tools on an as needed basisMinimum Qualifications
5 years of experience with penetration testing.
BS in Computer Science, or equivalent experience
Ability to work in a collaborative, cross-functional team environment
In depth knowledge of security vulnerabilities including a detailed understanding of the OWASP top 10, secure design and secure coding principles
Ability to prioritize and handle concurrent assignments or projects.
Excellent team player, willing to share knowledge and skills with peers and team members
Strong presentation, written and verbal communication skills
Experience in security testing tools including static analysis, web application testing, infrastructure and network testing, and manual security testing requiredPreferred Qualifications
Experience penetration testing of Enterprise software, SaaS, IaaS or PaaS cloud services, 2 years minimum preferred
Experience with security tools like Burp Proxy, WebInspect, Appscan, Nessus, Qualys etc.
Proficient in at least one (preferably two) of the following languages: Java, C#, Go, Rust, Scala, Ruby, Python, JavaScript, or another object-oriented language
Strong grasp of Linux and Unix-like operating systemsOracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.
Job: *Information Security Engineering
Organization: *Oracle
Title: Penetration Tester 4
Location: United States
Requisition ID: 2000112W