Job Description

SaaS Security Testing Services team is looking for Security Testing and Tools Engineers with various degree of experience in AppSec/Product Security field in Oracle India Development Center under the Oracle SaaS Cloud Security (SCS) organization. Oracle SaaS a.k.a. Oracle Cloud applications, built on machine learning, offer the most complete application suite with the best technology, enabling fast innovation with a modern UX and customer-first approach and one of the top strategic cloud services for Oracle. The SCS organization is responsible for securing enterprise-grade software services on behalf of our 25,000 customers, processing over 60 billion transactions per day. You will get the opportunity to join our efforts to reshape not only future of security testing and automation for Fusion App SaaS Services at Oracle - but influence the security testing landscape across all the SaaS offerings. We are seeking hands-on, senior security analyst with the depth and breadth to evaluate complex web applications and technology stacks for security and build/code to address the security threats. You will have the opportunity to work in a cloud-scale environment using the latest security technologies/tools and collaborate with the best minds in the industry, to collectively stay ahead and respond to increasing threats to cloud services. SaaS STS team will actively engage in conducting white box/grey box application security testing - complementing what the development teams do in a more holistic and more integrated setting through the security automation and tooling. SaaS STS team responsibilities will include implementation of Static Code Analysis, Dynamic App Security Testing/Fuzz Testing, Interactive / manual App security testing, facilitate automation of security verifications in CI/CD pipeline and evidence gathering for compliance audits. This position requires technical security knowledge and Cloud/DevSecOps or product development experience. Job Requirements: . BS or MS degree in computer science, or equivalent . 3+ years of software engineering and technical leadership with proven results in software development, appsec and pen-testing . Thorough exposure to web application pen test, forensics and intrusion handling The ideal candidate will have the following skills: . Experience in product development or Security QA or penetration testing of Enterprise software, SaaS, IaaS or PaaS cloud services preferred . Web application pen test, intrusion detection, vulnerability assessment . Proficiencies with Java, RESTful API, micro-services, Python. . Experience in file system and operating system security analysis and attack vector detection . Experience in database encryption - methods and implementation, DB fuzzing and DB pen test . Hands-on expertise on pen-testing of cloud applications and related infrastructure . Understanding exploit mechanisms using CVEs for webservices and microservices . Should have worked on industry standard tools for security - BURP, Web Inspect, Qualys, Nessus, REST API fuzzer, SAST tools etc. . Ability to work in an agile and continuous software integration model. . Security certifications like OSCP, LPT, ECSA, CISSP would be an added advantage

foundit