Oracle Hospitality products are industry leaders in the Hospitality segment – F&B and Hotels.
The Oracle Hospitality business unit is developing scalable and modular solutions that encompass front office, back office, sales and catering, revenue management, reservations, distribution, point-of-sale, and a multitude of other hospitality industry functions.
We are looking for senior security penetration testing team members who enjoy security work and possess both deep and wide expertise in the security space. You will use information security threat intelligence to identify and exploit vulnerabilities within our products. The focus areas for this role are web and mobile application penetration testing, API testing, and code review.
- Conduct application security assessments (web, mobile, API, thick client etc.) using off-the-shelf or internally developed exploitation tools to execute manual testing for advanced attacks
- Produce and deliver vulnerability and exploit information to clients in the form of a professional security assessment report
- Conduct client conference calls including, but not limited to, project kick-off calls, notification of high/critical findings during the testing process, and review of test findings, evidence, process steps to reproduce, and remediation recommendations
- Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
- Exploit security flaws and vulnerabilities with attack simulations on multiple projects, working against specific client-focused scopes of work.
- Ability to flow from black box to gray box to white box tests dependent on client needs
- Ability to test a variety of client form factors and technologies based on scopes of work.
- Ability to solve complex technical problems and articulate them to non-IT personnel.
- Ability to effectively provide technical risk assessment of technologies in networks, applications, wireless, social engineering, code reviews and war dialing.
- Ability to perform vulnerability assessments and penetration testing, utilizing commercial and open source tools.
- Perform, review and analyze security vulnerability data to identify applicability and false positives
- Research and develop testing tools, techniques, and process improvements
- Create risk-based security code reviews (static & dynamic)
- Conduct penetration testing in line with thick client and Web application Security
- Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.
- Relevant professional experience including working knowledge of the following technologies:
a. TCP/IP networking including IP classes, subnets, multicast, NAT
b. WINS, DNS, and DHCP, Network troubleshooting
c. Linux, Microsoft OS and Server technologies
d. Remote access methods
e. Backup and disaster recovery methodologies
f. Patch management technologies and processes
g. Wireless protocols and services
h. Network analysis tools
i. Familiarity with UNIX a plus
• Experience with security tools such as – Nmap, Metasploit, Kali Linux, Burp Suite Pro, etc., as well as other various commercial and self-developed testing tools
• Experience with various application attack vectors, security test processes and strong knowledge of common vulnerabilities (i.e. OWASP Top 10)
• At least 10 years of application security testing experience
• Working knowledge of SQL and high level languages
• Good technical communication skills, both written and verbal; good analytical and problem solving skills
• Must be able to effectively work with and interact with clients of various backgrounds and maintain positive client relationships; be able to work in a collaborative team environment; possess honesty and integrity
• Demonstrable experience of writing information security reports, documentation and standards accurately and to designated timescales
• Membership and visibility in professional & civic organizations
- ISC2 certification is preferred
- CISSP, CISM, CISA, ABCP or CBCP certifications are a big plus
• Demonstrable practical experience of information security
• Proven track record of Information Security Governance
• Understanding technologies, infrastructure and architectures
• Demonstrable understanding of information security protection and methodologies
• Experience of assisting users with identification of information threats/vulnerabilities/risks
Detailed Description and Job Requirements
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
As a member of the software engineering division, you will take an active role in the definition and evolution of standard practices and procedures. You will be responsible for defining and developing software for tasks associated with the developing, designing and debugging of software applications or operating systems.
Work is non-routine and very complex, involving the application of advanced technical/business skills in the area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.