Oracle
Oracle offers a comprehensive and fully integrated stack of cloud applications and cloud platform services.
Oracle’s Software Assurance organization has the mission to make application security and software assurance, at scale, a reality. We are an inclusive and diverse team of high caliber application security researchers, distributed globally, who thrive on new challenges. We are seeking experienced, hardworking, and dedicated security researchers who have genuine excitement for and interest in security to work on a critical greenfield software assurance project collaboratively with our cloud and mobile engineering teams. You must relish the challenge of assessing large, complex software products. Creativity is highly valued; being able to find novel bugs and stitch them together to create something greater than the sum of their parts is essential in this role.
Career Level - IC4
Job Description
As a member of our team, you will conduct vulnerability research across a wide range of products. Your projects may include anything from exploiting a mobile application, to writing a fuzzer for an undocumented network protocol or a programming language interpreter's grammar, to exploiting web applications, or analyzing and reverse engineering modifications to operating systems. Additional responsibilities include:
* Conducting in-depth vulnerability research
* Scoping and executing security assessments and vulnerability research
* Developing tools to identify vulnerabilities
* Collaborating with engineering teams to triage and resolve security issues
* Mentoring team members in computer and software security, acting as a role model
What You’ll Bring (Must Have)
* A Bachelor's or Master’s degree in Computer Science, Cyber Security, or a related field, or equivalent experience from professional work or self-study
* Relevant experience in offensive security, in various forms
* Experience in vulnerability research and exploit development
* Strong knowledge of vulnerability classes such as stack and heap-based buffer overflows, object lifecycle issues (e.g., UaF, double frees), and logic errors, with practical experience in exploitation techniques
* Understanding of operating systems and assembly languages
* Familiarity with basic exploit mitigations (e.g., stack canaries, DEP, ASLR) and how to bypass them
* Ability to evaluate complex systems for security vulnerabilities
* A strong aptitude for self-study and setting long-term goals (e.g., learning a new programming language)
* Ability to assess and communicate security risks and urgency levels to management and engineering teams
* Excellent organizational, presentation, verbal, and written communication skills, as you will present findings through tickets and reports. Strong writing skills are essential
* Legal authorization to work in Australia without employer sponsorship, now or in the future
* North Ryde Sydney
Nice to Have
* Proficiency in multiple programming languages, such as C/C++, Java, Swift, Objective-C, Go, Python, JavaScript, ARM, and/or x86_64 assembly
* Experience working with large codebases
* Familiarity with advanced exploit mitigations: PAC, CFI, memory tagging and how to bypass them
* Familiarity with common security assessment tools and techniques in areas like:
  * Fuzzing (e.g., libFuzzer)
  * Symbolic execution
  * Debuggers (e.g., gdb, lldb)
  * Mobile application assessment (iOS/Android)
  * Web application assessment (e.g., working with Burp Suite, REST API testing)
  * Reverse engineering (e.g., IDA Pro, Ghidra, Frida)
  * Exploiting side-channel and fault attacks at the software level (we encourage creative thinking in exploitation, and you’ll have the scope to explore these issues)
* A track record of advancing offensive security research through vulnerability discoveries, publications, or the development of security tools
* Active participation in, or organization of, Capture The Flag (CTF) competitions
Why This Vulnerability Research Role Is Like No Other
* Work with the Best in Cybersecurity: Join a global team of top-tier vulnerability researchers dedicated to identifying and mitigating the most critical vulnerabilities.
* Flexible Hybrid Work: Enjoy the freedom to work hybrid in the office, giving you the flexibility to balance your professional and personal life.
* Innovative Vulnerability Research: Work at the forefront of security, discovering and analyzing vulnerabilities that could impact the future of the world.
* Big Company Resources, Small Team Agility: Benefit from the resources of a leading global organization while working in a nimble, collaborative team environment where you have the autonomy to take ownership of your research and drive real impact.
* Accelerate Your Career in Vulnerability Research: With access to ongoing training, specialized resources, and exposure to a broad range of technologies, you'll have the opportunity to deepen your expertise and contribute to developing advanced security tools and methodologies.
* Career Growth in Cybersecurity: We prioritize your professional development. Whether you want to deepen your technical skills, move into leadership, or expand into other areas of cybersecurity, we provide the mentorship and opportunities to help you achieve your goals.
* Exceptional Benefits & Perks: Enjoy comprehensive health benefits, generous paid time off, and more—ensuring your well-being both inside and outside of work.
* Make a Real Impact: Your research will directly contribute to securing critical systems and data, helping to protect and impact the future of the world by mitigating evolving cyber threats.
Ready to Make an Impact?
If you’re passionate about uncovering vulnerabilities, pushing the boundaries of cybersecurity, and working on challenging, high-impact projects, we want you on our team. Join us in shaping the future of security through cutting-edge research and innovation.
Apply Today and bring your expertise to a role where your contributions will drive real change in the cybersecurity landscape.