Description Requirements: • The project can be executed remotely, if you live far from our offices. Our team can work from Oracle Reading (Thames Valley Park) or Oracle London (Moorgate). Ideally, a candidate able to be in the Reading office for 2 days a week would really maximise the added value of this experience. If the candidate wants to work on Hardware bugs, presence in Reading is a requirement (as Hardware testing equipment is only available in our Reading facilities) • Enrolled in Bachelor’s or Master’s degree course in Computer Science or related field • Interest in security with basic knowledge of one or more the following security topics: cryptography, web application security (OWASP TOP 10 or CWE TOP 30), memory corruption bugs • Proficiency in either Python, Java, go, bash or rust • Basic knowledge of Linux and ability to use the command line • Excellent organizational, presentation, verbal and written communication skills in English • Ability to achieve the given milestones and objectives with limited supervision What’s in it for you? • An extremely flexible working environment • This role will enable you to see the complete lifecycle of vulnerabilities, from inception as part of an assessment to the response of the development team and eventual deployment of patches. By developing tools to automate the vulnerability discovery process you will enhance the security of some of the world’s most sensitive data and systems • You will be able to experience how security is managed in a huge corporation, how different roles (Architect, Pentester, Defender, …) cooperate in real life, and, at the end of the experience, you will have much more info to decide your future path in Security. • EHT interacts with some of the most innovative areas of the company including Oracle Research Labs, Oracle Cloud Infrastructure (OCI), Netsuite, the Oracle RDBMS engineering and the Java teams. This role will allow you to see how security is approached in a global enterprise and how the most difficult challenges are addressed and solved. Career Level - IC0 Responsibilities Responsibilities The project selection will be made according to the past experience of the selected candidate and their interests. The project areas are: 1. Implement scripts to detect software security defects in product binaries and installation media, to be executed by an internal Oracle framework 2. Improve an EHT security tool or write a new one (fuzzer, Burp plugin, Python scapy script). Your additions will produce a feature that will require research on the detection and exploitation aspects of specific category of bugs (either Software or Hardware) 3. Produce a proof-of-concept of a novel exploitation technique for a category of bug (either Software or Hardware)