Offensive Security Engineer, 3
Oracle
- București
- Permanent
- Full-time
- Big iron - ExaLogic, ExaData, UltraSPARC, InfiniBand
- Firmware reverse engineering of various hardware components
- Developing custom fuzzing platforms for code-coverage analysis
- Several different hypervisors
- Linux and Windows kernel mode non-sense
- The list goes on and on!
- You enjoy diving into complex source code audits to reveal subtle security vulnerabilities
- Writing new tools such as fuzzers in languages such as C/C++, Python, Ruby, Go or Java,
- Tearing apart an undocumented file format or network protocol
- Coming up with novel techniques to solve unique and interesting security problems
- Review new services, including their integration points with existing services
- Guide security projects beyond the scope of performing assessment work
- Identify and disclose vulnerabilities to 3rd party vendors
- Design complex systems and services that improve quantity or quality of offensive security output
- You'll reviews new features of moderate complexity in existing systems, identifying areas of new risk created; work with service teams to explore and recommend mitigations; and collaborate across service teams and security stakeholders
- Established history of reporting CVEs
- Bachelor's degree in computer science, related field or equivalent work experience
- Intermediate to advanced experience with virtualization and containerization technologies
- Evidence of participation in the security community via contribution to open source projects, tool development, blog writing, or responsibly disclosed vulnerabilities
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Ability to succeed via collaboration and working between internal and external organizations and individuals
- Excellent organizational, verbal and written communication skills
- Intermediate knowledge of Linux OS Internals
- Functional knowledge of one programming language and ability to read one high-level programming language such as Java
- Previous role as Security Operations Center (SOC) Analyst, Vulnerability Management, DevOps, CICD
- Undergraduate or Graduate degree in Electrical Engineering, Computer Science, or another related field or equivalent work experience.
- Hands-on experience developing services on a public cloud platform (e.g., AWS, Azure, Oracle)
- Building continuous integration/deployment pipelines with robust testing and deployment schedules
- Experience working with internal customers and translating requests into prioritized work or features
- Expertise in applying risk identification techniques to develop security solutions
- Experience and understanding of Cryptographic algorithms, standards, implementation and application
- Experience and understanding of threat modeling, penetration testing, reverse engineering and attacks on software
- Experience working with large enterprise customers
- CREST certification
- Which includes being a United States Affirmative Action Employer