Principal Security Software Engineer

About Us

We analyze critical researcher-reported security issues in hundreds of Oracle products, conduct detailed analysis, own the corporate internal tooling to manage vulnerabilities for Oracle products and cloud services, and drive distribution of security patches through our quarterly security advisories. We work across the entire organization with everyone from a developer to an executive.

What you'll do:

• Perform code reviews across Oracle product suite(s) to ensure patch quality for critical security issues.

• Conduct independent detailed security research on vulnerabilities, assess their risk/impact on Oracle products/cloud services, draw insights, and communicate findings/analysis to management.

• Conduct independent, detailed security research on new and emerging classes of software vulnerabilities, the remediation strategies, and likelihood of short-term exploitation.

• Find patterns across proof-of-concepts with the aim of preventing vulnerability classes from re-occurring.

• Work with the detection engineering teams across Oracle to help create detection/prevention rules for critical vulnerabilities.

• Develop tools that help find, analyze, and prevent vulnerabilities in Oracle products.

• Develop tools for managing vulnerabilities, improving efficiency, providing visibility, and measuring effectiveness.

• Collaborate with development in the triage, analysis, resolution of product vulnerabilities.

Career Level - IC4