Job Title\:	Lead Security Penetration Test Engineer	Job Location\:	Budapest, Hungary
Manager\:	Donald Ross Director, CFS Security Engineering	Organization\:	Security & Compliance Engineering, Cloud Foundation Services

Cloud Foundation Services (CFS) is a strategic component for providing critical cloud services to multiple Oracle Global Business Unit applications. Oracle Cloud Infrastructure (OCI), Oracle’s second generation Infrastructure as a Service (IaaS), provides improved performance and reliability. CFS provides a microservice-driven platform, software delivery tool chain, and a continuous integration/continuous delivery operations model to support high margin, highly elastic, and highly available Software as a Service (SaaS) applications.

The CFS Offensive Security team is part of the larger CFS Security and Compliance Engineering organization dedicated to the ongoing security of Oracle SaaS applications running in the GBU Cloud Native Environments. Leveraging adversarial testing and assurance techniques the CFS Offensive Security team collaborates with a variety of other teams with in the organization to ensure the CFS Cloud Native environment is secure in all aspects of the software development lifecycle, application deployment and operations. The CFS Security and Compliance team is made up of a geographically diverse group of developers, security analysts, pen testers and architects all passionate about delivering on the security goals found in this modern cloud environment.

Roles & Responsibilities

As a senior member of the CFS Offensive Security team the candidate will have daily responsibilities in providing leadership and mentoring to a team of Penetration Testers and Application Security engineers focused on the security of a comprehensive set of modern, innovative microservices and infrastructure.  The candidate will also participate in “hands-on” Penetration Testing and Red Teaming responsibilities.

• Work closely with CFS Security Architecture in the understanding the risk assessments of cloud native security services and infrastructure
• Help team members translate high-level service design into practical threat and attack scenarios
• Complete and/or oversee penetration-testing engagements documenting results and verifying remediation.
• Share in penetration testing responsibilities, assist, and mentor junior team members to meet deadlines
• Present findings and trends to senior management, consult on areas of improvement for development
• Attend training as required to meet Oracle and CFS compliance and regulatory standards. Perform daily task in accordance of compliance and regulatory standards
• Other duties as assigned

General Qualifications

• 4 years of experience with offensive cyber-security in cloud environments
• Experience in leading technical teams and ability to mentor others
• Demonstrated history of vulnerability discovery (CVEs, etc.)
• Experience working in a large multi-tenet cloud environments
• Strong application/product/software security background
• Excellent organizational, verbal and written communication skills
• Strong understanding of modern microservices architectures and technology (like Docker, Kubernetes, etc)
• Strong understanding of Linux and Shell scripting
• Ability to read and understand moderately complex Python code
• Strong knowledge of network protocols (e.g., TCP/IP, UDP, DHCP, DNS, HTTP, HTTPS, routing protocols)
• Strong understanding in system and network security, authentication and security protocols, cryptography, and application security
• Strong troubleshooting and diagnostic skills
• Ability to multi-task and handle changing priorities
• Experience working in a team environment; ability to learn from your peers and accept criticism
• Self-motivation to drive solutions to completion
• Self-starter, capable of working without direction and able to deliver from scratch.
• Demonstrated ability to successfully complete complex engagements with minimal supervision
• BS or MS in Computer Science, Computer Engineering or equivalent experience

Preferred Qualifications

• Relevant industry certifications such as CISSP, OSCP, GSEC, GPEN, GCFW, GWAPT, GAWN
• Experience with Red Team and Table Top security exercises
• Experience running Red Team - Blue Team exercises

!|!Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.

As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.

Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.

As part of Oracle's employment process candidates will be required to successfully complete a pre-employment screening process. This will involve identity and employment verification, professional references, education verification and professional qualifications and memberships (if applicable).!|!