Job Description
Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
About Our Team:
We build and operate Parfait, Oracle’s enterprise-grade Static Application Security Testing (SAST) platform used daily by thousands of developers across multi-million-line C/C++ repositories. Our stack centers on LLVM/Clang and advanced interprocedural analysis to deliver precise, low-noise findings that integrate seamlessly with editors, code review, and CI systems. We partner closely with product teams and security engineering to prevent vulnerabilities before they ship.
What We Offer:
- High-impact work securing flagship Oracle products by raising the bar on memory safety in C/C++
- Close collaboration with compiler engineers, application security specialists, and large product teams
- A culture focused on sound engineering, thoughtful design reviews, and mentorship
- Support for technical growth (conferences, courses, and research collaboration in program analysis and security)
- Modern tooling, robust CI, and a mandate to ship reliable improvements at scale
About You:
- You are a seasoned engineer with deep experience in static analysis or compilers and a passion for memory safety
- You can translate Rust-inspired ideas (ownership, borrowing, lifetimes) into practical, precise checks for C/C++
- You design maintainable systems, communicate clearly, and mentor peers across disciplines
- You are disciplined about performance, signal-to-noise, and developer ergonomics
- You are eligible to work in Australia without sponsorship
Desired Criteria:
- BS, MS, or PhD in Computer Science or related field, or equivalent practical experience
- 8+ years building production-quality developer tooling, compilers, or large-scale backend systems; strong C++ required
- Expertise in memory safety for C/C++ (e.g., use-after-free, double free, leaks, buffer overflows, uninitialized use, iterator invalidation)
- Strong background in program analysis: interprocedural dataflow, points-to/alias analysis, escape and lifetime analysis, abstract interpretation, SSA/CFG
- Hands-on experience with LLVM/Clang (AST/IR, custom passes, static analysis frameworks)
- Familiarity with Rust concepts (ownership/borrowing/lifetimes) and borrow-checking techniques
- Experience integrating tools into developer workflows
- Scripting proficiency (Python, Bash) for analysis pipelines and tooling automation
- Excellent communication skills and an ability to produce clear, actionable findings and guidance
Responsibilities
- Design and implement advanced analyses in Parfait to detect and prevent memory-related vulnerabilities at scale
- Introduce ownership/borrow-inspired models for C/C++ (lifetime inference, alias/move tracking, escape analysis) and integrate them into Parfait’s interprocedural analysis stack
- Extend and optimize LLVM/Clang-based infrastructure, balancing precision, performance, and scalability across very large codebases
- Reduce false positives/negatives through improved modeling, heuristics, path sensitivity, and configurable policies; validate changes with real-world repositories
- Partner with security engineering and product teams to prioritize rules, define secure-by-default patterns, and publish guidance that brings Rust-like safety practices to C/C++ development
- Instrument and monitor analysis latency, coverage, and quality, and drive continuous improvements to meet reliability and freshness targets
Qualifications
Career Level - IC4