Principal Security Researcher
Oracle
- North Ryde, NSW
- Permanent
- Full-time
- Scope and execute security assessments and vulnerability research
- Perform in-depth security assessments using results from static and dynamic analysis
- Create testing tools to help engineering teams identify security-related weaknesses
- Keep yourself abreast of new TTPs (Tactics, Techniques & Procedures) of the attackers, mimic them in your technical security risk assessments and/or quickly react to new threat scenarios to provide continuous security assurance
- Collaborate with engineering teams to help them triage and fix security issues
- Mentor junior members of the team in software security as a role model
- Bachelor's or Master's degree in Computer Science or related field (e.g. Electrical Engineering)
- 10+ years industry experience with 5+ years in IT security in one or more of the following areas: software/product security assessments, penetration testing, red teaming, web application assessments
- Interest in vulnerability research and exploit development
- Aptitude for self-study, setting and achieving long term goals (for example, learning an unfamiliar programming language)
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Excellent presentation, verbal, and written communication skills
- This role does not require access to a cleared work environment. Security clearances are not required, and active clearances cannot be sponsored.
- Eligibility to work in Australia without sponsorship
- Flexibility to work in a hybrid model (50%) from our North Ryde office
- Experience working in a large cloud or Internet software company
- Proficiency with one or more programming languages, preferably Go, Java, Python or C/C++
- Ability to perform manual source code reviews in one of the aforementioned languages, or assisted review with code analysis tools
- Hands-on experience in one or more of the following with an interest in doing full time research: cybersecurity consulting, security engineering, vulnerability management, risk assessments, bug bounty hunting, malware analysis, forensics
- OSCP, OSWE certification, or interest in achieving certification
- Experience navigating and working with extremely large codebases is also highly desirable
- Experience using common security assessment tools and techniques in one or more of the following categories: Mobile Application Assessment (iOS / Android), Reverse Engineering (e.g. IDA Pro/Ghidra/Radare2), Fuzzing (e.g. Jazzer/AFL/Peach), Web Application assessment (e.g. Burp Suite Proxy, ZAP, REST API testing)
- Proficiency in manual penetration testing in at least two of the following areas: Mobile, API, Infrastructure, OS, Web Application
- Knowledge of common vulnerabilities in different types of software and programming languages, including: How to test for/exploit them, Real world mitigations that can be applied
- Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10, CVSS, MITRE CVE)
- Ability to threat model systems/applications/platforms to assess design and find flaws that can be exploited
- A team of very skilled and diverse personnel across the globe
- Ability to work in a hybrid work environment
- Exposure to mind-blowing, large-scale, cutting-edge systems
- The resources of a large, global operation while still having the small, start-up feel of a smaller team day to day
- Develop new skills and competencies working with our vast cloud product offerings
- Ongoing extensive training and skills development support to further your career aspirations
- Incredible benefits and company perks
- An organization filled with smart, enthusiastic, and motivated colleagues
- The opportunity to impact and improve our systems and delight our customers
- Which includes being a United States Affirmative Action Employer