Offensive Security Engineer

Trending

• Job Identification 313654
• Job Category Information Security Engineer
• Posting Date 12/16/2025, 10:21 AM
• Job Type Regular Employee
• Does this position require a security clearance? No
• Years 3 to 5+ years
• Additional Info Visa / work permit sponsorship is not available for this position
• Applicants are required to read, write, and speak the following languages English

Responsible for advanced security testing of Oracle applications and services (primarily SaaS-related) including but not limited to covert red team operations, security research and white box penetration testing, exploit development, and black box penetration testing.

This team is responsible for ensuring the protection of Oracle's SaaS applications and services.

Oracle SaaS (a.k.a. Oracle Cloud applications), built on machine learning, offers the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle.

The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day. You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead of and respond to increasing threats to cloud services. And you will actively engage in conducting proactive security research and white box penetration testing, including the development of working proof of concept exploits; reactive security research based on industry trends as well as security incidents related to Oracle; covert red team operations; black box penetration tests; and other types of work involving collaboration with various security and engineering teams within Oracle SaaS.

About you:
Successful applicants will possess the knowledge necessary to conduct ethical hacking activities on:

• SaaS applications
• SaaS host and network environments
• Web applications
• APIs
• Java-based technologies
• Databases
• AI/ML technologies
• Internally facing tools

The team that is hiring will have members who may possess different sets of advanced offensive security skills. Some of the advanced skills needed include:

• Red team custom implant development primarily in a Linux environment (non-Linux OS environments also present but less numerous)
• Red team campaign execution
• Security research and code review
• Proof of concept exploit/malware development

Minimum Qualifications:

• 5+ years of experience in offensive security, with at least 3 years of recent experience with red team operations or security research
• BS in Computer Science, or equivalent experience
• Deep familiarity with Linux and attack tooling is required
• Ability to work in a collaborative, cross-functional team environment
• In depth knowledge of security vulnerabilities including a detailed understanding of the OWASP top 10, secure design and secure coding principles
• Ability to prioritize and handle concurrent assignments or projects
• Excellent team player, willing to share knowledge and skills with peers and team members
• Strong presentation, written and verbal communication skills
• Experience with security testing tools including static analysis, web application testing, infrastructure and network testing, and manual security testing required

Preferred Qualifications:

• Experience leading red team campaigns from start to finish with high success rate and low detection rate
• Experience in building covert command and control (C2) implants designed to evade host-based and network-based detection capabilities
• Proven ability (i.e., published CVEs, etc.) to discover and exploit complex security vulnerabilities and vulnerability chains to achieve remote code execution (RCE)
• Experience with AI red teaming or penetration testing
• Advanced security certifications relevant to white box penetration testing and red team operations such as: OSCP, OSCE, OSWE, OSEP, OSED, OSEE, OSCE3, CRTP, CRTE, CRTM, GXPN

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.

• Network Security
• Penetration Testing
• Python Programming Language
• System Security

As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s challenges. We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.

We know that true innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing an inclusive workforce that promotes opportunities for all.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.

Request a referral from an Oracle employee.

See who works here

197,869 employees are on LinkedIn