Offensive Security Engineer

Offensive Security Engineer – Oracle Join to apply for the Offensive Security Engineer role at Oracle. Job Description Responsible for advanced security testing of Oracle applications and services (primarily SaaS-related) including covert red team operations, security research, white box penetration testing, exploit development, and black box penetration testing. Responsibilities This team is responsible for ensuring the protection of Oracle's SaaS applications and services. Oracle SaaS offers the most complete application suite with machine learning, a modern UX, and a customer‑first approach. The SCS organization secures enterprise‑grade software services for 25,000 customers, processing over 60 billion transactions per day. You will work in a cloud‑scale environment using the latest security technologies and tools, collaborating with security and engineering teams. Your tasks include proactive security research, white box penetration testing, development of proof‑of‑concept exploits, reactive security research based on industry trends, covert red team operations, black box penetration tests, and other related activities. About you SaaS applications SaaS host and network environments Web applications APIs Java‑based technologies Databases AI/ML technologies Internally facing tools Advanced skills needed Red team custom implant development (primarily Linux) Red team campaign execution Red team infrastructure support (Terraform, Ansible, cloud products) Security research and code review Proof of concept exploit/malware development Minimum Qualifications 5+ years of experience in offensive security, with at least 3 years of recent red team or security research experience BS in Computer Science or equivalent experience Deep familiarity with Linux and attack tooling Ability to work in a collaborative, cross‑functional team environment In‑depth knowledge of security vulnerabilities, OWASP Top 10, secure design, and secure coding principles Ability to prioritize and handle concurrent assignments or projects Strong presentation, written, and verbal communication skills Experience with security testing tools (static analysis, web application testing, infrastructure and network testing, manual testing) Preferred Qualifications Proficiency in multiple programming and scripting languages (Java, C#, C, Go, Rust, Scala, Ruby, Python, Bash, PowerShell, JavaScript, etc.) Experience leading red team campaigns from start to finish with high success and low detection rates Experience building covert command and control (C2) implants that evade host‑based and network‑based detection capabilities Proven ability (e.g., published CVEs) to discover and exploit complex security vulnerabilities and vulnerability chains for remote code execution Experience with AI red teaming or penetration testing Advanced security certifications relevant to white box penetration testing and red team operations (OSCP, OSCE, OSWE, OSEP, OSED, OSEE, OSCE3, CRTP, CRTE, CRTM, GXPN, etc.) Career Level IC4 Seniority level Mid‑Senior level Employment type Full‑time Job function Information Technology Industries IT Services and IT Consulting Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability, veteran status, or any other characteristic protected by law. We’re committed to an inclusive workforce that promotes opportunities for everyone. Oracle will consider qualified applicants with arrest and conviction records pursuant to applicable law. #J-18808-Ljbffr