Senior Principal Offensive Security Engineer

Job Description The Oracle Cloud Infrastructure (OCI) Offensive Security team is dedicated to ensuring the security of our systems and services, aligning with the security objectives we communicate to customers. This role involves security assessments, vulnerability research, penetration testing, red-teaming, and developing security tools. We aim for continuous improvement in our cloud infrastructure's software and hardware security. At OCI, we believe in equity, inclusion, and respect. Our environment fosters personal and professional growth through collaboration and learning. We challenge ourselves to innovate and enhance our products for the greater good. Join us in crafting the future of one of the largest cloud infrastructures globally. If you're passionate about building large-scale security systems and tools for the cloud in a dynamic environment, this role offers immense potential for influence and career advancement. Our ideal candidate is a proactive and knowledgeable engineer with a strong passion for cybersecurity, eager to tackle complex security issues in distributed, multi-tenant services. The role requires hands-on engagement and a commitment to the continuous development of secure systems. Responsibilities Dive into source code audits to identify security vulnerabilities. Develop new tools like fuzzers in languages such as C/C++, Python, Ruby, Go, or Java. Analyze undocumented file formats or network protocols. Innovate novel techniques to address unique security challenges. Review and assess new services and their integration with existing ones. Lead and guide security projects that extend beyond traditional assessments. Identify and disclose vulnerabilities to third-party vendors. Design systems and services to enhance offensive security output. Collaborate across teams to enhance security measures and mitigate risks. Drive organizational improvements in security practices and architectures. Qualifications 6+ years of experience in vulnerability discovery, security engineering, or application security. Threat modeling experience of microservice architectures. Experience in large cloud or software companies. Extensive knowledge of various security bug classes. Demonstrated contributions to the security community through training, publications, or presentations. Adept at improving security across organizations by identifying risks and proposing solutions. Subject matter expertise in a critical area (e.g., cryptography, hardware security, operating systems). Track record of collaboration across internal and external teams. Strong organizational and communication skills. Intermediate understanding of Linux OS Internals. Proficiency in at least one programming language and familiarity with others. Preferred Qualifications Degree in Electrical Engineering, Computer Science, or a related field. Experience with public cloud platforms (e.g., AWS, Azure, Oracle). Knowledge of continuous integration and deployment pipelines. Ability to translate internal customer requests into actionable tasks. Expertise in risk identification techniques for developing security solutions. Understanding of cryptographic algorithms and standards. Experience with threat modeling, penetration testing, and reverse engineering. History of working with large enterprise customers. Active TS/SCI Clearance (preferred). Disclaimer: Certain U.S. customer roles may require compliance with specific immunization and health mandates. Location: This position is based in the U.S. and will require working onsite in Nashville, TN (preferred) or Austin, TX. Relocation assistance is provided. Candidates must be U.S. Citizens or Permanent Residents; visa sponsorship is not available. Oracle offers a competitive benefits package that includes medical, dental, and vision insurance, paid time off, and various financial benefits.

Created: 2026-03-10