Penetration Tester – Offensive Security / Ethical Hacking (Remote/Telecommute)

Oracle


Job Brief

We have a vacancy for a Penetration Tester – Offensive Security / Ethical Hacking (Remote/Telecommute) at our company, Oracle. This vacancy is based in the United States. Please go through the job details below.

Position Title: Penetration Tester – Offensive Security / Ethical Hacking (Remote/Telecommute)
Company: Oracle
Work Type: Full Time
City of work: United States
Salary: $105,000 – $209,000 a year
URL Expiry: 2022-10-05
Posted on: jobsintelecom.net

Job Detail

Performs penetration testing and attack simulations on business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws.

Performs penetration testing and attack simulations for business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws. Also leads and supervises others completing these tasks.

Self-scoping assessments.

Researches and experiments with various methods attackers could use to exploit information security vulnerabilities.

Develops standard methodologies and techniques for conducting penetration testing, including developing standard tool-sets and automating testing.

Oversees and directs security testing activities within specific Oracle Lines of Businesses.

Completes threat assessment reports that outline penetration test findings and presents findings to management.

Verifies and automates exploits by developing scripts for colleagues to utilize.

Minimum 8 years combined experience from at least three of the following: security testing, systems development, systems administration, network administration, scripting, and security testing automation required.

Preferred but not required qualifications include:

BS or MS in Computer Science, Computer Security or Computer Engineering.

Holds relevant industry certifications such as OSCP/CREST CRT, CREST CCT Inf/App, OSCE, CISSP, GSEC, GPEN, GCFW, GWAPT, GAWN or equivalent.

Has Common Vulnerabilities and Exposures (CVEs).

Has contributed to an open source project.

Range and benefit information provided in this posting are Colorado-specific.

Colorado Pay Range: from $105,000 to $209,000 per annum, eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience and market conditions, as well as reflect Oracle’s differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle offers a comprehensive benefits package which includes the following:

1. Medical, dental, and vision insurance, including expert medical opinion

2. Short term disability and long term disability

3. Life insurance and AD&D

4. Supplemental life insurance (Employee/Spouse/Child)

5. Health care and dependent care Flexible Spending Accounts

6. Pre-tax commuter and parking benefits

7. 401(k) Savings and Investment Plan with company match

8. Flexible paid time off (unlimited or accrued vacation and sick leave)

9. Paid parental leave

10. Employee Stock Purchase Plan

11. Adoption assistance

12. Financial planning and group legal

13. Voluntary benefits including auto, homeowner and pet insurance

The ACS Security Services mission is to increase Oracle’s value potential in the security services market by providing a managed security and compliance center of excellence that draws together the existing Oracle Tooling, Cloud Services and Oracle Professional Services to build a holistic, thoughtful Security and Compliance Offering tailored to the customers’ needs in the Hybrid cloud environment. We manage security across a vast array of customer environments: small business, global enterprise, government, and everything in between.

We are looking for experienced pentesters with the enthusiasm and maturity to develop themselves further and join us in pushing our global team’s capabilities to a new level. A track record of self-education and an ability to adapt comfortably to change is necessary, and we’ll do our part by providing regular formal training to keep your skills and certifications up to date.

Sharing knowledge and working eagerly with a team is key to success here, and you will lead our pentesting platforms, tooling and evolving comprehensive methodologies. This is an exciting chance to bring your skills to a global Cloud program!

A Glimpse At Our Toolkit:

Information Gathering & Scanning Phase: We use a variety of tools, including Nmap, Socat, Burpsuite Pro, Nessus, Qualys, WebInspect, Paros, CryTool, HTTPLiveHeaders, sqlmap and others, to map assets and services in the larger environment.

Penetration Testing Phase: You’ll devise and execute the pen test attack plan using multiple human-engineered exploits (e.g. missing patches and service misconfigurations, recognized attack vectors, etc.). Tools we use include Webscarab Proxy, Meduca, Hydra, CrowBar, Metasploit, publicly available exploit code, proprietary and self-authored tools, and manual testing.

Reporting & Remediation: You’ll be responsible for concluding your findings with a report to the Security Manager. This will be leveraged with the customer and other Oracle teams for remediation recommendations.

What the Sr. Penetration Tester/Pentester/Ethical Hacker will do:

• Conduct network and server layer penetration testing against Oracle managed and non-managed Cloud customers’ Internet-facing and internal systems

• Conduct application-layer penetration testing against Oracle managed and non-managed Cloud customers’ software applications and webservices deployed globally

• Conduct rigorous penetration testing of Oracle’s latest generation Cloud Services (SaaS, PaaS, IaaS)

• Document technical issues identified during security assessments, and author formal customer-facing reports

• Follow up on implementation of corrective actions from assessments

• Research security threats and attack vectors

• Develop novel tooling and techniques to enhance the team’s platform and capabilities

• Perform special security projects on an ad-hoc basis

What we want to see in the Sr. Penetration Tester/Pentester/Ethical Hacker:

  • Established professional or military experience with Penetration testing/ethical hacking (3+ years preferred)
  • Curiosity about learning anything that has to do with discovering vulnerabilities and exploiting them
  • Professional certification: CEH, OSCP, OSCE/OSWE or equivalent
  • Solid education in Information Security and technical aspects thereof, CISSP certification preferred
  • Hands-on experience with systems development, systems administration, or network administration, 2-5+ years ideal
  • Hands-on experience in automated and manual penetration testing (infrastructure and web app/service), 2-5+ years ideal
  • Knowledge of Information Security standards and access controls such as ISO27001/2 and PCI DSS
  • Good interpersonal skills and diligent, able to handle concurrent assignments
  • Self-starter and self-sufficient, doesn’t need to be micro-managed

What will make you stand out:

  • Self-educated, self-starters do well in this team, where passion and individual pursuits will be complemented by training and mentorship
  • Personable, open, and collaborative approach coupled with precise independent execution skills and creativity
  • Professional or extensive hobby experience with x86/x64 assembly, Java, Python, Ruby, Lua, or Go
  • Professional experience building web applications, software, or systems engineering
  • Knowledge of container platforms including Docker and Kubernetes
  • CEH, OSCP, GPEN, GXPN, or other related certifications
  • Understanding of reverse engineering, malware, debuggers, kernel memory layout in Windows and Linux
  • Scripting/programming experience (BASH, PowerShell, Python, C, Assembler) is an advantage

What we offer

In addition to a benefits package that includes life and disability insurance, health and dental options, GRRSP with match and an employee stock purchase plan:

  • Agile, friendly, collaborative environment backed by a strong enterprise.
  • Continuous career development: we actively encourage and celebrate internal promotions.
  • High-impact learning culture: free access to online learning platforms and regular in-house training sessions and tech talks.
  • A vast variety of volunteer opportunities through Oracle Giving
  • Diverse ERGs that provide opportunities for networking and exchange of ideas across the company.

If you are a Colorado resident, please contact us or email us at [email protected] to receive compensation and benefits information for this role. Please include this Job ID: 166648 in the subject line of the email.
