Mobile Pentester

Location: Reading
Company: Oracle
Job Description
Oracle's Global Product Security (GPS) is looking for a highly skilled mobile security engineer to join the Ethical Hacking Team (EHT). As an Ethical Hacking Team member, you will be involved in all aspects of product security assessments, from identification to fix. We value individual contributions, and you will be given the freedom to learn and grow. We are passionate about sharing knowledge and we deeply believe that the stronger you grow, the stronger the team becomes.
Responsibilities
You will perform black-box assessments of mobile applications. The assessments will be set up in our EHT Hardware and Mobile lab in Reading, but in a way that allows them to be continued remotely where possible. You will be using mobile-related security applications, such as Frida, and any tools that can help you understand the behaviour of complex mobile applications written for Android and iOS.
You will use your knowledge to discover, report and provide guidance to fix security issues. EHT does not work under strict time constraints, so you will have time to plan, experiment and go deep: we are an internal security research team, not a pentest battery.
Our ideal candidate is passionate about security, and is happy to dive deep into hardware implementation as well as reverse engineer firmware, file formats and protocols in order to reveal subtle security vulnerabilities and implement proof-of-concept exploit attack chains, simulating the steps of real-life attackers.
If this sounds like you, get in touch!
Requirements:
- 3+ years of experience in vulnerability discovery; demonstrated history of vulnerability discovery (CVEs, etc.) is highly desirable.
- Knowledge of mobile application assessment methodologies for both iOS and Android
- Knowledge and experience with instrumentation and dynamic testing tools for both iOS and Android
- Familiarity with reverse engineering in the mobile space, as well as work with obfuscated applications
- Ability to use debuggers and understand decompiled code
- Understanding of common mobile app protection/hiding techniques such as anti-debug, obfuscation and dynamic code loading
- Good understanding of Android SDKs, OS internals, security and privacy features.
- Ability to think like an adversary, identify potentially vulnerable spots in designs and implementations, assess risk and communicate the relevant details to other team members and managers
- Knowledge of well-known coding flaws, such as stack/heap/integer overflows and format strings
- Knowledge of ARM architecture and ability to read and understand x86 and/or ARM assembly
- Ability to participate in web and network penetration tests
- Practical knowledge of common web flaws (SQL injection, XSS, SSRF, upload/download abuse, RCE).
- Applied knowledge of cryptographic algorithms / standards and basic knowledge of data structures, algorithms, distributed systems.
- Familiarity with networking protocols (e.g. TCP/IP, HTTP) and related security protocols (e.g. SSL, TLS, key exchange protocols)
- Ability to work physically in Reading - Thames Valley Park, for 50% of the time (once Covid-19 restrictions are fully lifted)
About Us
Innovation starts with inclusion at Oracle. We are committed to creating a workplace where all kinds of people can be themselves and do their best work. It's when everyone's voice is heard and valued, that we are inspired to go beyond what's been done before. That's why we need people with diverse backgrounds, beliefs, and abilities to help us create the future, and are proud to be an affirmative-action equal opportunity employer.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans status, age, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.