Oracle's Global Product Security (GPS) is looking for a highly skilled security professional to join the Ethical Hacking Team (EHT).
The EHT operates on the whole Oracle portfolio of products to improve security across all engineering groups within the company. As an EHT member, you will be involved in all aspects of product security assessment, from identification to fix. We value individual contribution, and you will be given the freedom to learn and grow. We are passionate about sharing knowledge and we deeply believe that the stronger you grow, the stronger the team becomes. Responsibilities:
You will be involved in mostly hardware security assessments, but can expect to work on occasional software security assessments. You will use your knowledge to discover, report and provide guidance to fix any security issues you discover. EHT does not work under strict time constraints, so you will have time to plan, experiment and go deep, as we operate as an internal security research team.
This is not your run-of-the-mill pentesting gig where you grind out assessments week in week out. The EHT is a dedicated security research group who invest the same amount of time and effort into breaking a product as you would expect from a state-sponsored APT.
Unlike an APT group, however, we're not only invested in finding bugs but also making sure they are fixed correctly and don't happen again. We don't just need people who can find CVSS 10 bugs, we need people who can use their skills and share their expertise to effect meaningful change across the company.
A successful candidate must have genuine excitement for and interest in security, as well as the desire to share knowledge and help others learn from the high technical and ethical standards you set. You will be asked to dive deep into hardware implementation, as well as reverse engineer firmware, file formats and protocols in order to reveal subtle security vulnerabilities and implement proof-of-concept exploit attack chains, simulating the steps of real-life attackers. Your work will benefit thousands of Oracle engineers worldwide and shape the future of product security within one of the largest software companies in the world.Requirements:
· Bachelor of Science degree in Electrical/Electronic/Computer Engineering, Computer Science or related field.
· 3+ years of experience in vulnerability research / bug hunting; public history of vulnerability discovery (CVEs, blog posts etc.) is highly desirable.
· Ability to think like an adversary, identify potentially vulnerable spots in designs and implementations, assess risk and communicate the relevant details to other team members and managers.
· Knowledge of x86 and/or ARM server platform architecture and ability to read and understand x86 and/or ARM assembly. Experience with disassemblers/decompilers (e.g. IDA Pro/HexRays, Ghidra, Radare, objdump, gdb etc.) and firmware reversing tools (e.g. binwalk) is highly desirable.
· Applied knowledge of cryptographic algorithms / standards and basic knowledge of data structures and distributed systems.
· High familiarity with memory corruption bugs (stack/heap/integer overflows, format strings). Ability to exploit stack overflows with basic protections enabled (e.g. NX), on Windows and Linux.
· Knowledge of analogue / digital electronics and ability to understand complex schematic diagrams. Past FPGA and HDL experience is highly desirable.
· Ability to communicate on, monitor, and debug common embedded communications interfaces such as JTAG, SPI, I2C, RS232, USB etc. Ability to build enabling prototypes (e.g. Arduino/Raspberry Pi controlled breadboards)
· Ability to use common hardware lab tools (e.g. soldering iron, logic analyser, oscilloscope, function generator, power supply etc.)
· Practical experience with hardware attacks (e.g. side channels, fault injection); past experience with hardware attack tools (e.g. ChipWhisperer) is highly desirable.
· Knowledge of Linux OS internals. Fluency in either C or C++ and proficiency with one among Python, Go, Java or Bash. Ability to self-teach any language, given appropriate resources to study and practice.
· Ability to participate in web or network penetration tests; practical knowledge of common web flaws (SQL injection, XSS, SSRF, upload/download abuse, RCE).
· Familiarity with networking protocols (e.g. TCP/IP, HTTP) and related security protocols (e.g. SSL, TLS, key exchange)
· Ability to work as part of a geographically scattered team
· Excellent organizational, verbal and written communication skills
- · Ability to work physically in Reading - Thames Valley Park, for 80% of the time (when Covid-19 restrictions will be fully lifted)