Principal Security Researcher

Baltimore, MD
Nov 29, 2022
Dec 01, 2022
Full Time
Job Description

Hybrid model - Office: Columbia, MD. Sponsorship available.

Work You'll Do

As a member of our team, you will be responsible for planning and delivering in-depth security assessments across a variety of products and services. Your next project could be anything from static and dynamic analysis of a multi-node Java infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language, to analysis and reverse engineering of firmware used in the thousands of servers supporting our cloud services. Other responsibilities include:

- Scope and execute security assessments across a broad range of on-premise software, cloud services and infrastructure
- Perform in-depth security assessments using results from static and dynamic analysis
- Perform in-depth security assessments leveraging results from other assessments such as static, dynamic, pen testing, red team operations, bug bounty, responsible disclosure, etc.
- Create testing tools to help engineering teams identify security-related weaknesses
- Collaborate with engineering teams to help them triage and fix security issues
- Keep yourself abreast of new TTPs (Tactics, Techniques & Procedures) of the attackers, mimic them in your security assessments and/or quickly react to new threat scenarios to provide continuous security assurance
- Mentor junior members of the team in software security as a role model

What You'll Bring

- Bachelor's or Master's degree in Computer Science or related field (e.g. Electrical Engineering)
- 6+ years industry experience with 5+ years in IT security in one or more of the following areas: software/product security assessments, penetration testing, red teaming, web application assessments
- Aptitude for self-study, setting and achieving long-term goals (for example, learning an unfamiliar programming language)
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Excellent organizational, presentation, verbal, and written communication skills

This role does not require access to a cleared work environment. Security clearances are not required, and active clearances cannot be sponsored.

Nice to Have

- Experience working in a large cloud or Internet software company
- Proficiency with one or more programming languages, preferably Go, Java, Python or C/C++
- Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools such as CodeQL
- Experience navigating and working with extremely large codebases is also highly desirable
- Experience using common security assessment tools and techniques in one or more of the following categories:
  - Proficiency in performing mobile application assessment (iOS / Android)
  - Reverse engineering (e.g. IDA Pro/Ghidra/Radare2) and debugging a codebase with the objective of finding security gaps/vulnerabilities
  - Proficiency in fuzzing (e.g. Jazzer/AFL/Peach) techniques to inject invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities
  - Proficiency in advanced Mobile, API, Infrastructure, Web Application penetration testing to find vulnerabilities such as insecure Java/PHP/PHAR deserialization, XXE, HTTP desynchronization, cryptography weaknesses (exploiting ECB Shuffling, CBC Bit Flipping, etc.), mass assignments, template injections, HTTP/2 and HTTP/3 protocol issues, etc.

What We'll Give You

- A team of very skilled and diverse personnel across the globe
- Ability to work in a flexible work-from-home arrangement
- Exposure to mind-blowing large-scale cutting-edge systems
- The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
- Develop new skills and competencies working with our vast cloud product offerings
- Ongoing extensive training and skills development to further your career aspirations
- Incredible benefits and company perks
- An organization filled with smart, enthusiastic, and motivated colleagues
- The opportunity to impact and improve our systems and delight our customers

Range and benefit information provided in this posting are specific to the stated location(s).

New York City Pay Range: from $101,300 to $182,400 per annum; eligible for bonus and equity.
Colorado Pay Range: from $90,600 to $172,800 per annum; eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience and market conditions, as well as reflect Oracle's differing products, industries and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle offers a comprehensive benefits package which includes the following:

1. Medical, dental, and vision insurance, including expert medical opinion
2. Short term disability and long term disability
3. Life insurance and AD&D
4. Supplemental life insurance (Employee/Spouse/Child)
5. Health care and dependent care Flexible Spending Accounts
6. Pre-tax commuter and parking benefits
7. 401(k) Savings and Investment Plan with company match
8. Flexible paid time off (unlimited or accrued vacation and sick leave)
9. Paid parental leave
10. Employee Stock Purchase Plan
11. Adoption assistance
12. Financial planning and group legal
13. Voluntary benefits including auto, homeowner and pet insurance

About Us

As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's problems. True innovation starts with diverse perspectives and various abilities and backgrounds.

When everyone's voice is heard, we're inspired to go beyond what's been done before. It's why we're committed to expanding our inclusive workforce that promotes diverse insights and perspectives.

We've partnered with industry leaders in almost every sector, and continue to thrive after 40+ years of change by operating with integrity.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer a highly competitive suite of employee benefits designed on the principles of parity and consistency. We put our people first with flexible medical, life insurance and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We're committed to including people with disabilities at all stages of the employment process. If you would like accessibility assistance or accommodation for a disability at any point, let us know at +1.888.404.2494, Option 1.

Disclaimer: Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Oracle is an Equal Employment Opportunity Employer*. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

* Which includes being a United States Affirmative Action Employer