Remote - Principal Security Engineer (IC4)

Job Description

Do you have a passion for developing a global understanding of a given program? We are looking for a Principal Security Engineer with experience in various aspects of Software Understanding (https://www.cisa.gov/sites/default/files/2025-01/joint-guidance-closing-the-software-understanding-gap-508c.pdf) including the ability to answer questions related to unexpected behavior (e.g., advanced persistent threats) and identifying the root causes for such behavior. As a Principal Security Engineer , you will work collaboratively with other engineers in the software assurance team to extend and support the existing work related to identifying normal, abnormal and malicious behaviors (what is called Persistent Engagement Team). We value self-initiated security or software engineers who have a passion to learn, build and engage in analyzing software (including source-code, binaries, other supporting information) in a rigorous fashion that goes beyond standard testing, pen-testing, and reverse engineering techniques.

Work You'll Do

As a member of our team, you will work with other team members to further develop an in-house expertise in analysis of software that will help those deploying and operating the software-based system assess risk by asking relevant questions on the behavior of the software. The focus will be on identifying impactful security vulnerabilities across a variety of architectures and platforms. You will be collaborating with engineers based in Australia, UK and the United States.

Your responsibilities include contributing to the design, implementation, integration and hands-on analyses to improve the understanding the behavior of the software that is under evaluation via practical solutions.

What You'll Bring

• Bachelor's or Master's Degree in Computer Science, Software Engineering or related disciplines

• 10+ years of operational experience in relevant topic such as software testing (including fuzzing, pen-testing), reverse engineering, dynamic monitoring of systems, or malware analysis

• Experience in conducting security assessments

• Knowledge of common exploitation countermeasures such as CFI, ASLR, etc.

• Excellent programming skills in C, C++ and/or Python

• Ability to work as part of a team as well as independently

• Strong analytical skills combined with good communication skills and fluent English

Nice to Have

• Experience with Ghidra, AFL++, Code-analysis tools, Log analysis

• Active participant or organizer of Capture the Flag competitions

• Understanding of iOS and Android ecosystems

• Understanding and appreciation of software application security

• Experience working with geographically distributed teams

• Ability to mentor junior engineers

What We'll Give You

• Ability to work in a flexible work from home arrangement

• An organization filled with smart, enthusiastic, and supportive colleagues

• A team of very skilled and diverse personnel across the globe

• The resources of a large, global operation while still having the start-up feel of a small team

Who We Are

We are a world-class team of high-caliber security software developers who thrive on new challenges. We are an inclusive and diverse team with a full spectrum of experience distributed globally. We have the resources of a large enterprise and the energy of a start-up, working on advancing the state-of-the-art for developers through SAST, SCA and Binary Analysis tools. We also have teams can detect attacks on complex platforms and systems. We are a dedicated team, leveraging each other's insights and abilities to produce cutting edge solutions for today's complex and inter-connected, inter-dependent, infra-structure. We value people who can use their skills to further develop and enhance our tools, as well as our procedures and playbooks. Join us to grow your career and create the future of software understanding together.

Responsibilities

As a member of our team, you will work with other team members to further develop an in-house expertise in analysis of software that will help those deploying and operating the software-based system assess risk by asking relevant questions on the behavior of the software. The focus will be on identifying impactful security vulnerabilities across a variety of architectures and platforms. You will be collaborating with engineers based in Australia, UK and the United States.

Your responsibilities include contributing to the design, implementation, integration and hands-on analyses to improve the understanding the behavior of the software that is under evaluation via practical solutions

Disclaimer:

Certain US customer or client-facing roles may be required to comply with applicable requirements, such as immunization and occupational health mandates.

Range and benefit information provided in this posting are specific to the stated locations only

US: Hiring Range in USD from: $106,300 to $223,400 per annum. May be eligible for bonus and equity.

Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business.

Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.

Oracle US offers a comprehensive benefits package which includes the following:

1. Medical, dental, and vision insurance, including expert medical opinion

2. Short term disability and long term disability

3. Life insurance and AD&D

4. Supplemental life insurance (Employee/Spouse/Child)

5. Health care and dependent care Flexible Spending Accounts

6. Pre-tax commuter and parking benefits

7. 401(k) Savings and Investment Plan with company match

8. Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.

9. 11 paid holidays

10. Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.

11. Paid parental leave

12. Adoption assistance

13. Employee Stock Purchase Plan

14. Financial planning and group legal

15. Voluntary benefits including auto, homeowner and pet insurance

The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.

Career Level - IC4

About Us

As a world leader in cloud solutions, Oracle uses tomorrow's technology to tackle today's challenges. We've partnered with industry-leaders in almost every sector-and continue to thrive after 40+ years of change by operating with integrity.

We know that true innovation starts when everyone is empowered to contribute. That's why we're committed to growing an inclusive workforce that promotes opportunities for all.

Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.

We're committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States.

Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans' status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.