Principal Vulnerability Engineer – Java Security Platform

Principal Vulnerability Engineer – Java Security Platform, Cardiff

Oracle

Cardiff, United Kingdom

Other

Yes

3

31.05.2025

15.07.2025

We are seeking a Principal Vulnerability Engineer to join the security vulnerability team for the Java platform. This team handles both red team (offensive) and blue team (defensive) activities. Responsibilities include proactive research, security tooling, assessments, and assisting development teams with security code reviews. The ideal candidate must have at least 10+ years of hands-on experience in platform security, with deep knowledge of the Java security model. Extensive experience with security protocols and best practices is essential. The candidate should be capable of working independently on assigned tasks, with proven success in security incident resolution and proactive research using industry-standard tools. Experience with Java security issues, CVEs, and proficiency in Java, along with expert-level C/C++ skills and systems programming, are required. Strong leadership, self-motivation, remote collaboration skills, and excellent communication are also necessary.

• Conduct proactive research on new vulnerability signatures for the Java platform.
• Create and maintain security tooling for the Java platform.
• Perform security assessments for new features integrated into the JDK.
• Assist development teams with security code reviews, including implementation code review for Java and native source code.

As a global leader in cloud solutions, Oracle leverages innovative technology to address today's challenges. With over 40 years of industry leadership, we thrive through integrity and continuous innovation. We are committed to fostering an inclusive workforce that values contributions from everyone.

Oracle offers global career opportunities, work-life balance, competitive benefits, flexible medical, life insurance, retirement options, and community volunteer programs.