Offensive Security Engineer

Location: Bristol, UK Requirement: * SC clearance required Job Description: The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world's biggest challenges. We offer unique opportunities for smart, hands-on engineers with the expertise and passion to solve difficult problems in distributed highly available services and virtualized infrastructure. At every level, our engineers have a significant technical and business impact designing and building innovative new systems to power our customer's business critical applications. We're looking for hands-on cloud hackers with expertise and passion in identifying and exploiting complex security problems in distributed, multi-tenant services and infrastructure. Oracle Cloud Infrastructure (OCI) provides Infrastructure-as-a-Service. We operate distributed systems at a high scale, worldwide. These are the foundation of our cloud environment. Our customers run their businesses on our cloud, and our mission is to provide them with a best-in-class and ever-expanding set of cloud-based services. Within OCI, the Offensive Security group conducts penetration tests, hardware security research, and operates our red team. We ensure the security of software and hardware that run our cloud infrastructure, and strive to continuously improve our security stance. The OCI Offensive Security group works as a team. We don't try to fit people into predefined roles. We bring together the right people who can enhance the capability of the team, and build roles around the person's skills and interests. These are exciting times in our space. We are growing fast, still at an early stage and working on ambitious new initiatives. A security-focused engineer at any level can have significant technical and business impact. Come shape the future of one of the largest clouds on earth with us. Overall, OCI Offensive Security team performs a variety of work ranging from penetration testing, fuzzing, red-teaming and tool development. To get you excited, here is a list of some of the projects over the last year this team has worked on: Big iron - ExaLogic, ExaData, UltraSPARC, InfiniBand Firmware reverse engineering of various hardware components Developing custom fuzzing platforms for code-coverage analysis Several different hypervisors Linux and Windows kernel mode non-sense The list goes on and on! Responsibilities Some of our people have qualifications like the ones listed below. Our ideal candidate is passionate about security and furthering their knowledge every day. You enjoy diving into complex source code audits to reveal subtle security vulnerabilities, writing new tools such as fuzzers in languages such as C/C , Python, Ruby, Go or Java, tearing apart an undocumented file format or network protocol and coming up with novel techniques to solve unique and interesting security problems. We hope you like working at scale as much as we do much as we do, because Oracle has no shortage of it. Bachelor's or Master's degree in Computer Science or related field or equivalent experience 3 years of experience in vulnerability discovery / security engineering / application security Emergent threat testing Experience working in a large cloud or software company Strong application/product/software security background Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff Excellent organizational, verbal and written communication skills Ability to succeed through collaboration and working through internal and external organizations and individuals Prior DevOps or continuous delivery and deployment experience Some of our senior people have qualifications like these: Master's degree in Computer Science or related field or equivalent experience 7 years of experience in vulnerability discovery / security engineering / Application Security Demonstrated history of vulnerability discovery (CVEs, etc.) Extensive research or experience with multiple classes of security bugs Conducting training / thought leadership / conference talks / publications Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc. As a member of the software engineering division, you will assist in defining and developing software for tasks associated with the developing, debugging or designing of software applications or operating systems. Provide technical leadership to other software developers. Specify, design and implement modest changes to existing software architecture to meet changing needs. Duties and tasks are varied and ...