Senior Penetration Tester
Location:
Redwood City , California
Posted:
February 08, 2017
Reference:
16000BKY
The primary responsibility of this position is to conduct security assessments and penetration tests, follow up remediation of identified vulnerabilities with development and proactively research future threats.
Key responsibilities / Tasks include:

• Perform application penetration testing against corporate and customer software applications
• Conduct vulnerability assessments on Internet-facing systems and internal systems
• Document technical issues identified during security assessments and write reports
• Follow up on implementation of corrective actions from assessments with development
• Research security threats and attack vectors provide transfer of knowledge to business
• Act as business level technical expert in incident response when assigned
• Perform special security projects on an ad hoc basis
• Perform other duties as assigned

Preferred Qualifications

• Prefer 5 years relevant experience and BA/BS University degree from an accredited college or university, or equivalent
• Deep understanding of in information security and related technical aspects
• Prefer 5 years of experience with systems development, systems administration, or network administration.
• Certifications such as CISSP, CEH, OSCP or GPEN are desired
• Previous hands-on experience in penetration testing and vulnerability assessment preferred
• Experience of web application testing, infrastructure testing, manual testing, code reviews
- The candidate should have a good knowledge of Java, C, C and associated J2EE technologies, especially in terms of secure coding standards and be able to perform code review on the mentioned languages.
- The candidate should have hands-on experience in at least one of the following scripting languages: Perl, shell scripts, and Python. Furthermore, candidate must be able to write security tools and scripts in at least one of the mentioned languages.
- The candidate should be familiar with
      Various security tools such as Fortify, WebInspect, Burp Suite, Zap, SqlMap, Beef, Kali, Metasploit, Nmap, Wireshark, etc. Oracle Database, SQL, PL/SQL, and Oracle Weblogic. The candidate should be familiar with Windows and Linux system administration
• Knowledge of Oracle internal systems and networks is an advantage
• Knowledge of web technologies and communication methods

• Knowledge of information security standards such as ISO27001 and PCI DSS
• Strong organizational skills and detail-oriented
• Strong presentation, written and verbal communication skills
• Strong negotiation skills
• Self-starter, doesn't need to be micro-managed
• Excellent team player

Detailed Description and Job Requirements:

Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.

Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company*s firewall.

Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.

Will be involved in
1. Web App vulnerability scanning
2. Static code analysis
3. Web service vulnerability scanning
4. Mobile security
5. Install security
6. Schema security tests

Job duties are varied and complex; independent judgment needed. May have project lead role. Prefer 5 years relevant experience and BA/BS degree.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.
Qualifications:
Executes security controls to prevent hackers from infiltrating company information or jeopardizing e-commerce programs.

Researches attempted efforts to compromise security protocols. Maintains security systems for routers and switches. Administers security policies to control access to systems. Maintains the company's firewall. Uses applicable encryption methods. Provides information to management regarding the negative impact on the business caused by theft, destruction, alteration or denial of access to information.

Leading contributor individually and as a team member, providing direction and mentoring to others. Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Prefer 8 years relevant experience and BA/BS degree.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.

A little about us:
Oracle is shifting the complexity from IT, moving it out of the enterprise by engineering hardware and software to work together—in the cloud.

Know someone who would be interested in this job? Share it with your network.