Principal Security Researcher
3 weeks ago
Senior Principal Security Researcher – UK, remote
Global Product Security’s Ethical Hacking Team (EHT) is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will be responsible for planning and delivering in-depth security assessments across Oracle’s entire product and service portfolio.
With hundreds of products spanning many different vertical markets, your next project could be anything from static and dynamic analysis of a multi-node Java infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language, to analysis and reverse engineering of firmware used in the thousands of servers supporting our cloud services. Creativity is highly valued; being able to find novel bugs and stitch them together to create something greater than the sum of their parts is essential in this role.
This is not your run-of-the-mill pentesting gig where you grind out web application assessments week in week out. The EHT is a dedicated security research group who invest the same amount of time and effort into breaking a product as you would expect from a state-sponsored APT.
Unlike an APT team, however, we’re not only invested in finding bugs but also making sure they are fixed correctly and don’t happen again. We don’t just need people who can find CVSS 10s, we need people who can use their skills and share their expertise to effect meaningful change across the company.
A successful candidate must have genuine excitement for and interest in security, as well as the desire to share knowledge and help others learn. Your work will benefit thousands of Oracle engineers worldwide and shape the future of product security within one of the largest software companies in the world.
Role’s core responsibilities:
- Scope and execute security assessments across a broad range of on-premise and cloud services; develop proof-of-concept code or end-to-end exploits for bugs you’ve identified.
- Create testing tools to help engineering teams identify weaknesses in their own code.
- Collaborate with engineering teams to help them triage and fix security issues, identifying systemic security weaknesses to create secure coding guidance that will educate all engineering teams within Oracle.
- Produce documentation, presentations and supporting material to deliver your findings to senior figures within the development organisation and your own management chain.
Target profile and skillset:
- 5+ years industry experience in a software/product assessment or penetration testing role.
- Proficiency reviewing code written in a variety of programming languages, including at least one of C, C++, Java or JavaScript.
- Extensive experience of vulnerability research and exploit development on Linux or Windows.
- Experience using common software security assessment tools in the following categories:
- Reverse Engineering (e.g. IDA Pro/Ghidra/Radare2)
- Network protocol analysis (e.g. Wireshark/tcpdump)
- Debugging (e.g. gdb, WinDbg, Intel Pin)
- Static code analysis (e.g. Fortify SCA, Coverity, SonarQube)
- Fuzzers and instrumentation (e.g. Jazzer /AFL/Boofuzz/AddressSanitizer)
- Web Application assessment (e.g. BurpSuite )
- Experience of creating new tools and scripts for novel assessment targets and vulnerability classes
- Experience with threat modelling and architecture analysis of complex applications.
- Extensive knowledge of common vulnerabilities in different types of software and programming languages, including:
- How to test for and exploit them
- Real world mitigations that can be applied
- Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10)
Desirable Skills/Qualifications
- Bachelor’s or Master’s degree in Computer Science or related field (e.g. Electrical Engineering)
- Experience working in a large cloud or Internet software company
Required Soft Skills
- Aptitude for self-study, setting and achieving long term goals (for example, learning an unfamiliar programming language)
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Excellent organizational, presentation, verbal and written communication skills
-
Principal Security Researcher | Engineer
1 month ago
United Kingdom Reqiva Full timeThis is a unique position for a Principal Security Engineer | Researcher to join a global, SME and fintech platform business looking to innovate and continue to transform their approach to Security. This could suit someone who is a Principal Security Researcher | Engineer within a platform environment, however, not limited to this. Their core software...
-
Principal Security Researcher
1 week ago
united kingdom Oracle Full timeSenior Principal Security Researcher – UK, remote Global Product Security’s Ethical Hacking Team (EHT) is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will be responsible for planning and delivering in-depth security assessments across...
-
Principal Security Researcher
3 weeks ago
United Kingdom Oracle Full timeSenior Principal Security Researcher – UK, remote Global Product Security’s Ethical Hacking Team (EHT) is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will be responsible for planning and delivering in-depth security assessments...
-
Principal Security Researcher
3 weeks ago
United Kingdom Oracle Full timeSenior Principal Security Researcher – UK, remote Global Product Security’s Ethical Hacking Team (EHT) is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will be responsible for planning and delivering in-depth security assessments across...
-
Principal Security Researcher
3 weeks ago
United Kingdom Oracle Full timeSenior Principal Security Researcher – UK, remote Global Product Security’s Ethical Hacking Team (EHT) is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will be responsible for planning and delivering in-depth security assessments...
-
Principal Security Researcher
3 weeks ago
United Kingdom Oracle Full timeSenior Principal Security Researcher – UK, remote Global Product Security’s Ethical Hacking Team (EHT) is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will be responsible for planning and delivering in-depth security assessments across...
-
Principal Clinical Research Scientist
2 weeks ago
United Kingdom Advance Africa Ltd Full timeKEMRI Principal Clinical Research Scientist Jobs in Kenya KEMRI Principal Clinical Research Scientist Jobs in Kenya KEMRI Principal Clinical Research Scientist Jobs in Kenya KEMRI Principal Clinical Research Scientist Jobs in Kenya The officer will be based at the Malaria Division of KEMRI’s Centre for Global Health Research in Kisumu, western...
-
Privacy and security researcher
28 minutes ago
United Kingdom Zendata Full timeCompany Description Zendata is a full stack cloud data security platform that specializes in helping CISOs, DevOps, and Compliance teams embed privacy and security controls and protocols across their assets and SDLC. With a focus on data risk management and privacy compliance, Zendata's solutions utilize machine learning and natural language processing...
-
Trainee Cover Supervisor
7 days ago
United Kingdom Principal Resourcing Full timeHave you contemplated a future in teaching or a career in the classroom but think you may not have the necessary experience or qualifications? Working with children in any setting? Have experience in coaching, instructing, or training? Secure your place on our free, comprehensive training course and work in our partnership schools and academies...
-
Trainee Cover Supervisor
1 week ago
United Kingdom Principal Resourcing Full timeHave you contemplated a future in teaching or a career in the classroom but think you may not have the necessary experience or qualifications? Working with children in any setting? Have experience in coaching, instructing, or training? Secure your place on our free, comprehensive training course and work in our partnership schools and academies...
-
Principal Security Platform Engineer
3 weeks ago
United Kingdom InfoSec People Ltd Full timeJob Post: Principal Security Architect Location: London, Hybrid (1 day per week) Type: Full-Time Our client, a highly respected and well-established household name, is seeking an experienced Principal Security Architect to join their dynamic team. This is an excellent opportunity to make a significant impact on the security posture of a leading...
-
Senior Security Researcher
1 month ago
United Kingdom Endeavour Recruitment Solutions Full timeSector: Security Engineers / Consultants Job Type: Contract Technologies: STATISTICS Python Ruby security DATA Endeavour Recruitment has a unique opportunity for an expert in the field of Research, Software Development and Security for a large Media company based in Brussels. Candidates should have a Ph.D. or MSc. in Computer Science, Statistics,...
-
Trainee Classroom Supervisor
7 days ago
United Kingdom Principal Resourcing Full timeWondering what path to take work wise…fancy a change of direction or want to get on a real career path? Have you contemplated a future in teaching or a career in the classroom but think you may not have the necessary experience or qualifications? Think again… Principal Resourcing’s pioneering and established Get Into the Classroom programme provides...
-
Trainee Classroom Supervisor
1 week ago
United Kingdom Principal Resourcing Full timeWondering what path to take work wise…fancy a change of direction or want to get on a real career path? Have you contemplated a future in teaching or a career in the classroom but think you may not have the necessary experience or qualifications? Think again… Principal Resourcing’s pioneering and established Get Into the Classroom programme provides...
-
Principal Security Analyst
1 day ago
United Kingdom Cyderes Full timeCyderes (Cyber Defense and Response) is a pure-play, full life-cycle cybersecurity services provider with award-winning managed security services, identity and access management, and professional services designed to manage the cybersecurity risks of enterprise clients. We specialize in multi-technology, complex environments with the in speed and agility...
-
Principal Scientist
4 days ago
United Kingdom Kromek Group plc Full timeWe are seeking a highly skilled and experienced Principal Scientist to lead our research and development efforts in Biotechnology. The Principal Scientist will be responsible for designing and executing research projects, analysing data, and providing scientific expertise and leadership to the research team We are seeking a highly skilled and experienced...
-
Principal Scientist
1 week ago
United Kingdom Kromek Group plc Full timeWe are seeking a highly skilled and experienced Principal Scientist to lead our research and development efforts in Biotechnology. The Principal Scientist will be responsible for designing and executing research projects, analysing data, and providing scientific expertise and leadership to the research team We are seeking a highly skilled and experienced...
-
Principal Scientist
1 month ago
United Kingdom Kromek Group plc Full timeWe are seeking a highly skilled and experienced Principal Scientist to lead our research and development efforts in Biotechnology. The Principal Scientist will be responsible for designing and executing research projects, analysing data, and providing scientific expertise and leadership to the research team We are seeking a highly skilled and experienced...
-
Principal Cloud Security Engineer
2 months ago
United Kingdom Deriv.com Full timeSenior/Principal Cloud Security Engineer Reading, United Kingdom | Posted on 18/12/2023 As a highly skilled Senior/Principal Cloud Security Engineer , you will join our dedicated and expanding Security team. Your mission for the role is clear: to safeguard Deriv, its products, and its customers by applying extensive technical expertise and leadership...
-
Principal Cloud Security Engineer
4 hours ago
United Kingdom Deriv.com Full timeSenior/Principal Cloud Security Engineer Reading, United Kingdom | Posted on 18/12/2023 As a highly skilled Senior/Principal Cloud Security Engineer , you will join our dedicated and expanding Security team. Your mission for the role is clear: to safeguard Deriv, its products, and its customers by applying extensive technical expertise and leadership...