ACS Security Services mission is to increase Oracle’s value potential in the security services market by providing a managed security and compliance center of excellence that draws together the existing Oracle Tooling, Cloud Services and Oracle Professional Services to build a holistic thoughtful Security and Compliance Offering tailored to the customers' needs in the Hybrid cloud environment.
We are looking for experienced pentesters with the enthusiasm and maturity to develop themselves further and join us in pushing our global team’s capabilities to a new level. A track record of self-education and an ability to adapt comfortably to change is necessary, and will be supported by a formal training plan. The successful candidate will find themselves in a supportive team of peers and will contribute fully to our pentesting platforms, tooling and evolving comprehensive methodologies.
This is an exciting opportunity to join a motivated team delivering a global program.
RESPONSIBILITIES/ TASKS
• Conduct network and server layer penetration testing against Oracle managed and non-managed Cloud customers’ Internet-facing and internal systems
• Conduct application-layer penetration testing against Oracle managed and non-managed Cloud customers’ software applications and webservices deployed globally
• Conduct rigorous penetration testing of Oracle’s latest generation Cloud Services (SaaS, PaaS, IaaS)
• Document technical issues identified during security assessments, and author formal customer-facing reports
• Follow up on implementation of corrective actions from assessments
• Research security threats and attack vectors
• Develop novel tooling and techniques to enhance the team’s platform and capabilities
• Perform special security projects on an ad-hoc basis
• Perform other duties as assigned
QUALIFICATIONS
Required qualifications
• University degree from an accredited college/ university, or equivalent experience
• Professional certification: minimum OSCP, OSCE/ OSWE or equivalent preferred
• Experience in Information Security and technical aspects thereof, CISSP certification preferred
• Prior experience with systems development, systems administration, or network administration, 3 years minimum preferred
• Previous hands-on experience in automated and manual penetration testing (infrastructure and web app/ service), 5 years minimum preferred
• Scripting/ programming experience (BASH, PowerShell, Python, C, Assembler) is an advantage
• Knowledge of Information Security standards and access controls such as ISO27001/2 and PCI DSS
• Strong organizational skills and detail-oriented, able to handle concurrent assignments
• Strong presentation, written and verbal communication skills in English
• Strong negotiation skills
• Self-starter and self-sufficient, doesn’t need to be micro-managed
• Excellent team player, willing to share knowledge and skills with peers
Preferred