Job Specifications
Job Description
Job Description:
Oracle Cloud Infrastructure (OCI) Hardware team is seeking a highly driven hardware/firmware security expert at the Principal Engineer level to participate in organizational wide Security
Assurance program while also remaining involved in technical security reviews and having the opportunity to work on code level security. All engineering teams at Oracle are required to follow
security best practices on how to make smart choices that build security into our products and services. These Oracle Software Security Assurance Standards (OSSA) and Oracle Hardware Security Assurance (OHWSA) standards provide guidance cross the entire lifecycle of component selection / in-take, product design, development, testing, release/deployment, and vulnerability/patch management. The OCI Hardware Development team provides the AI, GPUs, components of Oracle's AI hardware platform hardware and firmware used in Oracle Cloud and in Oracle Engineered Systems including Oracle Exadata. The OCI Hardware organization you will join has delivered the first and second generation of Oracle cloud platforms and is working to build the next generation of cloud
and enterprise systems, with record breaking-performance, security, and world class quality using the latest and greatest merchant silicon and technologies.
Job Summary:
As a part of the OCI Hardware/Firmware Security team the candidate will work closely with the team's Chief Security Architect. The role is focused on managing and participating in all aspects of the OCI Release Management (ORM); Oracle's Hardware Security Assurance (OSSA); Oracle Hardware/Software Security Vendor Intake program and Manage HW/FW security vulnerabilities end to end - from triage to mitigation planning and rollout to customer messaging as wells as opportunities to work on security projects and initiatives defined by the Chief Security Architect. The scope spans both hardware and firmware, Oracle internal teams as well as external partners and extends from Oracle team education and support, to performing technical security and process reviews and to ensuring that Oracle's partners understand Oracle's security requirements for the future. Design, develop, troubleshoot and debug software programs for databases, applications, tools, networks etc.
Responsibilities
Responsibilities:
Monitor vendor embargoed advisories (Intel, AMD, NVIDIA, ARM, etc.), VINCE, and other sources for hardware and firmware vulnerabilities.
Perform risk analysis and threat modeling to triage applicability and risk of vulnerabilities to Oracle hardware products and platforms.
Drive and track mitigation of vulnerabilities across various OCI teams and stakeholders through rollout.
Communicate risk and mitigation plan to internal teams, leadership, and customers through legally approved messaging.
Familiarity with python in order to run internal tools that aid with vul mgmt.
Helping engineering teams plan for security reviews of the HW/FW technologies which are being considered for use
Ensuring that teams create the required materials for
Inbound HW/FW security reviews
Inbound third party software security reviews
Product release security reviews
Performing these security reviews
Tracking the progress of individual reviews and producing reports
Identifying and driving improvements to the processes
Working with the Hardware Chief Security Architect and virtual security team and key internal partners
Working with Oracle's 3rd party ecosystem to communicate Oracle's hardware security requirements and assess present adoption and future compliance
Acting as a technical security resource for Oracle's 3rd party ecosystem
Developing tools as-needed to support the process
Opportunities to work on code level assessment partnering with the Core Firmware Engineering team
Opportunities to be involved with Architectural Risk Analysis and threat analysis
Required Qualifications:
B.S. in Computer Science, Computer Engineering, or related field
7+ years in the field of software engineering and/or security
Experience in security analysis/assessments and the ability to audit security or forensic reports
Expertise across secure firmware/software development lifecycle e.g. component security reviews, static and dynamic analysis tools
Highly motivated, with a sense of urgency and ability to deliver multiple tasks under time-frame pressure
Big problem solver, who can be both strategic and able to dive into details as needed
Capable of working independently
Experience with understanding, analyzing, and communicating hardware security vulnerabilities, attacks, and research to engineering communities and audiences
Comfortable dealing with ambiguity and ability to adapt to changing environment and needs
Excellent written and oral communication skills
Experience with the architecture, design, and implementation of modern server platform hardware & firmware
Programming experience (C/C++, Linux Programming, bash, Python
About the Company
We're a cloud technology company that provides organizations around the world with computing infrastructure and software to help them innovate, unlock efficiencies and become more effective. We also created the world's first - and only - autonomous database to help organize and secure our customers' data.
Oracle Cloud Infrastructure offers higher performance, security, and cost savings. It is designed so businesses can move workloads easily from on-premises systems to the cloud, and between cloud and on-premises and other ...
Know more