Senior Software Engineer -Static analysis for C/C++ Memory Safety
Oracle
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.About Our Team:
We build and operate Parfait, Oracle’s enterprise-grade Static Application Security Testing (SAST) platform used daily by thousands of developers across multi-million-line C/C++ repositories. Our stack centers on LLVM/Clang and advanced interprocedural analysis to deliver precise, low-noise findings that integrate seamlessly with editors, code review, and CI systems. We partner closely with product teams and security engineering to prevent vulnerabilities before they ship.
What We Offer:
- High-impact work securing flagship Oracle products by raising the bar on memory safety in C/C++
- Close collaboration with compiler engineers, application security specialists, and large product teams
- A culture focused on sound engineering, thoughtful design reviews, and mentorship
- Support for technical growth (conferences, courses, and research collaboration in program analysis and security)
- Modern tooling, robust CI, and a mandate to ship reliable improvements at scale
About You:
- You are a seasoned engineer with deep experience in static analysis or compilers and a passion for memory safety
- You can translate Rust-inspired ideas (ownership, borrowing, lifetimes) into practical, precise checks for C/C++
- You design maintainable systems, communicate clearly, and mentor peers across disciplines
- You are disciplined about performance, signal-to-noise, and developer ergonomics
- You are eligible to work in Australia without sponsorship
Desired Criteria:
- BS, MS, or PhD in Computer Science or related field, or equivalent practical experience
- 8+ years building production-quality developer tooling, compilers, or large-scale backend systems; strong C++ required
- Expertise in memory safety for C/C++ (e.g., use-after-free, double free, leaks, buffer overflows, uninitialized use, iterator invalidation)
- Strong background in program analysis: interprocedural dataflow, points-to/alias analysis, escape and lifetime analysis, abstract interpretation, SSA/CFG
- Hands-on experience with LLVM/Clang (AST/IR, custom passes, static analysis frameworks)
- Familiarity with Rust concepts (ownership/borrowing/lifetimes) and borrow-checking techniques
- Experience integrating tools into developer workflows
- Scripting proficiency (Python, Bash) for analysis pipelines and tooling automation
- Excellent communication skills and an ability to produce clear, actionable findings and guidance
As a world leader in cloud solutions, Oracle uses tomorrow’s technology to tackle today’s challenges. We’ve partnered with industry-leaders in almost every sector—and continue to thrive after 40+ years of change by operating with integrity.
We know that true innovation starts when everyone is empowered to contribute. That’s why we’re committed to growing an inclusive workforce that promotes opportunities for all.
Oracle careers open the door to global opportunities where work-life balance flourishes. We offer competitive benefits based on parity and consistency and support our people with flexible medical, life insurance, and retirement options. We also encourage employees to give back to their communities through our volunteer programs.
We’re committed to including people with disabilities at all stages of the employment process. If you require accessibility assistance or accommodation for a disability at any point, let us know by emailing accommodation-request_mb@oracle.com or by calling +1 888 404 2494 in the United States.
Oracle is an Equal Employment Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability and protected veterans’ status, or any other characteristic protected by law. Oracle will consider for employment qualified applicants with arrest and conviction records pursuant to applicable law.
We are seeking a Principal Member of Technical Staff to enhance Parfait, Oracle’s in-house static analysis tool, by improving the detection of memory-related vulnerabilities in C/C++. You will introduce Rust-inspired concepts (ownership, borrowing, lifetimes) and compiler-based analysis techniques (e.g., borrow checking) into large C/C++ codebases, elevating security while keeping developer workflows fast and actionable at scale.
Career Level - IC4
- Design and implement advanced analyses in Parfait to detect and prevent memory-related vulnerabilities at scale
- Introduce ownership/borrow-inspired models for C/C++ (lifetime inference, alias/move tracking, escape analysis) and integrate them into Parfait’s interprocedural analysis stack
- Extend and optimize LLVM/Clang-based infrastructure, balancing precision, performance, and scalability across very large codebases
- Reduce false positives/negatives through improved modeling, heuristics, path sensitivity, and configurable policies; validate changes with real-world repositories
- Partner with security engineering and product teams to prioritize rules, define secure-by-default patterns, and publish guidance that brings Rust-like safety practices to C/C++ development
- Instrument and monitor analysis latency, coverage, and quality, and drive continuous improvements to meet reliability and freshness targets
#LI-DNI