- Scope and execute security assessments across a broad range of on-premise and cloud services; develop proof-of-concept code or end-to-end exploits for bugs you've identified.
- Create testing tools to help engineering teams identify weaknesses in their own code.
- Collaborate with engineering teams to help them triage and fix security issues, identifying systemic security weaknesses to create secure coding guidance that will educate all engineering teams within Oracle.
- Produce documentation, presentations and supporting material to deliver your findings to senior figures within the development organisation and your own management chain.
- 5+ years industry experience in a software/product assessment or penetration testing role.
- Proficiency reviewing code written in a variety of programming languages, including at least one of C, C++, Java or JavaScript.
- Extensive experience of vulnerability research and exploit development on Linux or Windows.
- Experience using common software security assessment tools in the following categories:
- Reverse Engineering (e.g. IDA Pro/Ghidra/Radare2)
- Network protocol analysis (e.g. Wireshark/tcpdump)
- Debugging (e.g. gdb, WinDbg, Intel Pin)
- Static code analysis (e.g. Fortify SCA, Coverity, SonarQube)
- Fuzzers and instrumentation (e.g. Jazzer /AFL/Boofuzz/AddressSanitizer)
- Web Application assessment (e.g. BurpSuite )
- Experience of creating new tools and scripts for novel assessment targets and vulnerability classes
- Experience with threat modelling and architecture analysis of complex applications.
- Extensive knowledge of common vulnerabilities in different types of software and programming languages, including:
- How to test for and exploit them
- Real world mitigations that can be applied
- Familiarity with vulnerability classification frameworks (e.g. OWASP Top 10)
- Bachelor's or Master's degree in Computer Science or related field (e.g. Electrical Engineering)
- Experience working in a large cloud or Internet software company
- Aptitude for self-study, setting and achieving long term goals (for example, learning an unfamiliar programming language)
- Ability to effectively assess and communicate risks and appropriate levels of urgency to management and engineering staff
- Excellent organizational, presentation, verbal and written communication skills
-
Security Researcher
3 weeks ago
Microsoft London, United KingdomSecurity represents the most critical priorities for our customers in a world awash in digital threats, regulatory scrutiny, and estate complexity. Microsoft Security aspires to make the world a safer place for all. We want to reshape security and empower every user, customer, an ...
-
Security Researcher
2 weeks ago
Vectra London, United KingdomVectra is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. · **Security Researcher** · **Position Overview** · Vectra AI's Security Research Team represents the core security knowledge and research capability within the company - taske ...
-
Cyber Security Researcher
3 weeks ago
Department for Science, Innovation & Technology London, United Kingdom**Details**: · **Reference number**: · **Salary**: · - £65,000 - £135,000- Base salary of between £35,720 (L3) - £68,770 (L6) which is supplemented with an allowance between £29,280 to £66,230**Job grade**: · - Other- L3, L4, L5, L6**Contract type**: · - Fixed term · - Secondment ...
-
Security Investigate Researcher
3 weeks ago
Chelsea Football Club London, United Kingdom**Job Title - Security Investigative Researcher** · **Location - Stamford Bridge** · **Permanent Role** · **Hours - 40 hours per week (5 of 7 days)** · **About Us**: · As a member of the Chelsea team you will become part of a long and proud history in the heart of iconic west Lon ...
-
Senior Security Researcher
2 weeks ago
Zscaler London, United KingdomCompany Description · With more than 10 years of experience developing, operating, and scaling the cloud, Zscaler serves thousands of enterprise customers around the world, including 450 of the Forbes Global 2000 organizations. In addition to protecting customers from damaging th ...
-
Senior Cyber Security Researcher
4 weeks ago
Recorded Future London, United KingdomWith 1,000 employees, over $250M in sales, 1,500+ clients, and rapid year-over-year growth, Recorded Future is the world's most advanced, and largest, intelligence company · **Senior Cyber Security Researcher/Reverse Engineer, Reverse Engineering Team**: · Reverse Engineering Tea ...
-
Ai Cyber Security Researcher
1 week ago
Park Lane Recruitment Ltd London, United Kingdom* Onsite Working · - Israel · - Cyber Security · Senior Researcher - AI Cyber Security · - Research of Europe · - Israel · - Office based working · Are you someone who enjoys using your research mindset to explore and innovate? · - Do you want to shape your world and change the w ...
-
Social Researcher: Cyber Security Skills
3 weeks ago
Department for Digital, Culture, Media and Sport London, United Kingdom**Details**: · **Reference number**: · **Salary**: · - £31,884 - £39,587- London £35,038 - £39,587 //National £31,884 - £36,024. Plus, £4,000 for specialist/ analysts allowance applicable to both pay scales.**Job grade**: · - Higher Executive Officer · - Senior Executive Officer- ...
-
Cyber Security Researcher
3 weeks ago
UK Civil Service London, United KingdomJob summary · About the AI Safety Institute� · The AI Safety Institute is the first state-backed organisation focused on advancing AI safety for the public interest. We launched at the Bletchley Park AI Safety Summit in 2023 because we believe taking responsible action on this ex ...
-
Staff Connectivity Security Researcher, Pixel
2 weeks ago
Google London, United Kingdom**Minimum qualifications**: · - Bachelor's degree in Computer Science, Cybersecurity, a related technical field, or equivalent practical experience.- Experience working in baseband security and related protocols, including device security, system software security, or telecommuni ...
-
Ai Cyber Security Researcher Uk
1 week ago
Park Lane Recruitment Ltd London, United Kingdom* Senior Researcher · - Hayes, UK · - Onsite Working · Senior Researcher · - AI Cyber Security · - Research of Europe · - Hayes, UK · Are you someone who enjoys using your research mindset to explore and innovate? · Do you want to shape your world and change the way it works? · D ...
-
Ai Cyber Security Researcher Uk
1 week ago
Park Lane Recruitment Ltd London, United Kingdom**Senior Researcher**: · - **Hayes, UK**: · - **Onsite Working** · **Senior Researcher · - AI Cyber Security** · - Research of Europe · - Hayes, UK · - Are you someone who enjoys using your research mindset to explore and innovate? _ · - Do you want to shape your world and change ...
-
Intern, Cyber Security Researcher 5000 Base in
4 weeks ago
eFinancialCareers London, United KingdomRef. Number: IN23013 · Department: Information Technology Department · **Job Type**: Internship · Posting Date: January 19, 2023 · Closing Date: February 10, 2023 · Location: Beijing/Virtual · Duration: 3 months · Start Date: May or June, 2023 · **Intern, Cyber Security Research* ...
-
Security Intelligence Researcher
3 weeks ago
SSR General & Management London, United KingdomSecurity Intelligence Researcher · Location flexible within Europe · This is an exciting opportunity to join this successful Global industry leader. Due to the success of their products, our client is looking for a passionate and dedicated Security Intelligence Researcher / Ana ...
-
Principal Security Researcher
3 weeks ago
Oracle London, United KingdomSenior Principal Security Researcher – UK, remote · Global Product Security's Ethical Hacking Team (EHT) · is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will ...
-
Privacy and security researcher
1 week ago
Zendata United KingdomCompany Description · Zendata is a full stack cloud data security platform that specializes in helping CISOs, DevOps, and Compliance teams embed privacy and security controls and protocols across their assets and SDLC. With a focus on data risk management and privacy compliance, ...
-
Privacy and security researcher
1 week ago
Zendata London, United KingdomCompany DescriptionnZendata is a full stack cloud data security platform that specializes in helping CISOs, DevOps, and Compliance teams embed privacy and security controls and protocols across their assets and SDLC. With a focus on data risk management and privacy compliance, Ze ...
-
Senior Security Researcher
1 week ago
Oracle United KingdomWith hundreds of products spanning many different vertical markets, your next project could be anything from static and dynamic analysis of a multi-node Java infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language, to ...
-
Senior Security Researcher
2 weeks ago
Oracle United KingdomWith hundreds of products spanning many different vertical markets, your next project could be anything from static and dynamic analysis of a multi-node Java infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language, to ...
-
Lead Security Researcher
2 weeks ago
HMGCC United Kingdom £61,204 - £65,784Lead Security Researcher - Systems Specialist£61,204 - £65,784Milton Keynes, EnglandJob description Opportunity to apply for additional skills allowance up to £3,500 after 12 monthsFull-time, part-time and flexible working patterns available (minimum coverage 3 days per week)Secu ...
Principal Security Researcher - united kingdom, United Kingdom - Oracle
![Default job background](https://contents.bebee.com/public/img/bg-user-ex-1.jpg)
Description
Senior Principal Security Researcher – UK, remote
Global Product Security's Ethical Hacking Team (EHT) is seeking experienced, passionate and talented security researchers who relish the challenge of assessing large, complex software products. As a member of the EHT you will be responsible for planning and delivering in-depth security assessments across Oracle's entire product and service portfolio.
With hundreds of products spanning many different vertical markets, your next project could be anything from static and dynamic analysis of a multi-node Java infrastructure, to writing a fuzzer for an undocumented network protocol or the grammar of a new programming language, to analysis and reverse engineering of firmware used in the thousands of servers supporting our cloud services. Creativity is highly valued; being able to find novel bugs and stitch them together to create something greater than the sum of their parts is essential in this role.
This is not your run-of-the-mill pentesting gig where you grind out web application assessments week in week out. The EHT is a dedicated security research group who invest the same amount of time and effort into breaking a product as you would expect from a state-sponsored APT.
Unlike an APT team, however, we're not only invested in finding bugs but also making sure they are fixed correctly and don't happen again. We don't just need people who can find CVSS 10s, we need people who can use their skills and share their expertise to effect meaningful change across the company.
A successful candidate must have genuine excitement for and interest in security, as well as the desire to share knowledge and help others learn. Your work will benefit thousands of Oracle engineers worldwide and shape the future of product security within one of the largest software companies in the world.
Role's core responsibilities:
Target profile and skillset:
Desirable Skills/Qualifications
Required Soft Skills