Penetration Tester 3

Job Description

*Performs penetration testing and attack simulations on business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws.Performs penetration testing and attack simulations on business critical infrastructure including internal servers, networks and applications to identify and resolve security flaws. Experiments with various methods attackers could use to exploit information security vulnerabilities. Uses standard methodologies and techniques for conducting penetration testing, including developing standard tool-sets and automating testing. Completes security testing activities. Completes threat assessment reports that outline penetration test findings and presents findings to management. Verifies potential targets for exploit.Minimum 5 years combined experience from at least three of the following: security testing, systems development, systems administration, network administration, scripting, and security testing automation required. Preferred but not required qualifications include: BS or MS in Computer Science, Computer Security or Computer Engineering. Holds relevant industry certifications such as OSCP/ CREST CRT, CREST CCT Inf/App, OSCE, CISSP, GSEC, GPEN, GCFW, GWAPT, GAWN or equivalent. Has Common Vulnerabilities and Exposures (CVEs). Has contributed to an open source project.Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law., *This role is within Oracle SaaS Cloud Security. This team is responsible for ensuring the protection of Oracle s SaaS applications. Oracle SaaS a.k.a. Oracle Cloud applications, built on machine learning, offer the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle. The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day. You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead and respond to increasing threats to cloud services. Detailed DescriptionPerforms penetration testing and attack simulations for business critical infrastructure including internal servers, networks and applications to identify and document security flaws. May also lead and supervise others completing these tasks. Researches and experiments with various methods attackers could use to exploit information security vulnerabilities. Verifies and automates exploits by developing scripts for colleagues to utilize.About you: Successful applicants will possess the knowledge necessary to conduct ethical hacking activities.

• Web applications, middle-ware, Kubernetes and Docker containers, databases, systems and networks.
• Ethical hacking activities will be focused primarily on network applications and Linux based operating systems, but will also include the entire stack that comprises the Oracle Cloud.
• Familiarity with the Linux command line and scripting languages and tools for pen testing is required. Especially Python, Bash, Burpsuite, Nessus, Metasploit, Kali and other commonly used pen testing tools.
• A background in web development and debugging is a plus, as is the ability to write scripts on an as needed basis.
• Holds relevant industry certifications such as OSCP/ CREST CRT, CREST CCT Inf/App, OSCE, CISSP, GSEC, GPEN, GCFW, GWAPT, GAWN or equivalent.
• Has knowledge of Common Vulnerabilities and Exposures (CVEs).

Minimum Qualifications 5+ years of experience with penetration testing. BS in Computer Science, or equivalent experience. Ability to work remotely in a collaborative, cross-functional team environment. In depth knowledge of security vulnerabilities including a detailed understanding of the OWASP top 10, secure design and secure coding principles. Ability to prioritize and handle concurrent assignments or projects. Excellent team player, willing to share knowledge and skills with peers and team members. Strong presentation, written and verbal communication skills. Experience in security testing tools including static analysis, web application testing, infrastructure and network testing, and manual security testing required.Preferred Qualifications Experience performing penetration testing of Enterprise software, SaaS, IaaS or PaaS cloud services, 2 years minimum preferred. Proficient in at least one of the following scripting languages: Python, PERL, Bash scripting. Strong grasp of Linux and Unix-like operating systems. Has at least two relevant certifications.Oracle is an Affirmative Action-Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, protected veterans status, age, or any other characteristic protected by law.

Keyskills :
network testingethical hackingsecurity testingweb applicationweb application testingsecure codingweb developmenttesting toolscomputer scienceopen sourcemusic makingstatic analysismachine learning