Oracle Software Developer 4 in Burlington, Massachusetts
Software Developer 4
The Oracle Single System Management Security Team, responsible for all product level security features, is seeking a Senior Product Security Engineer.
Oracle Single System Management (SSM) Team provides a family of tools, utilities, and connectors for management, monitoring, and configuration of Oracle's SPARC & x86 servers, blades and their chassis. All of these systems contain an Oracle Integrated Lights Out Manager service processor which provides in-band and out-of-band interfaces for these tasks as well as a suite of tools for management and monitoring. The SSM Product Portfolio consist of the following offerings:
Oracle Integrated Lights Out Manager (ILOM)
Oracle Hardware Management Pack
Oracle Engineered Systems Hardware Manager
Oracle System Assistant
Specifically, you will contribute towards secure client-server communication; architecture, design, and code security standards review and implementation;
product authentication and authorization mechanism; Certificate and key mechanisms; Software Security Assurance process; Security Policy definition and oversight; Product Risk Assessments; Static Source Code analysis tools; Dynamic Security Test tools; and finally, help manage customer security
escalations/CVEs, such as the usual CSRF, XSS, fishing, injection attacks, vulnerability scanning, dependency management, and more.
Analyze software designs and implementations of existing and new SSM products and features with a focus on security and privacy. Work with individual developers and teams to review code with a focus on security principles, best practices and standards compliance.
Design, develop and test scalable engineering solutions to advance data protection, intrusion detection/auditing and privacy in SSM product portfolio
Static Source Code testing/analysis and Product Penetration Testing
Work with teams across SSM to implement and review Software Security Assurance policies and procedures
Advocate strong security and privacy design across SSM
BA/BS degree in Computer Science or equivalent practical experience
5 or more years of professional experience designing, implementing, testing, releasing, and maintaining distributed software systems in Java and C/C
Familiar with PKI, cryptography, internet communications, security, privacy, regulated industry, compliance, and various crypto stacks
Experience with reverse engineering and “tools of the trade”
Solid understanding of applied cryptography and related protocols
Ability to “think like an adversary”
Interest in learning about privacy research and privacy aspects of computing
MS in Computer Science, with emphasis in Cryptography, Internet Communications, and/or Security
The ideal candidate is a Senior Engineer, with 10 years of experience designing and implementing distributed software systems in Java, C/C and Python
Experience with code audits, black box testing, white box testing, and privacy/security design review of diverse products and services
Professional experience with Fortify SCA, WebInspect, Nessus, and BurpSuite tools.
Willing to participate in not-for-profit charitable organizations focused on improving the security of software
Detailed Description and Job Requirements
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.
Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status or any other characteristic protected by law.
Job: Product Development
Job Type: Regular Employee Hire