Key skills
Hardware SecurityVulnerability AnalysisPenetration TestingCloud SecuritySecure Development LifecycleConsulting SkillsCommunication SkillsCollaboration SkillsAIOracle
About this role
Oracle is a leading company in cloud solutions and AI technologies. The Consulting Hardware Security Engineer role involves developing security requirements for hardware and conducting security assessments to enhance the security posture of Oracle Cloud Infrastructure.
Responsibilities:
- Develop and communicate requirements for new vendors and hardware (compute, storage, networking)
- Perform architectural reviews, penetration testing, vulnerability analysis of compute infrastructure hardware such as
- Servers (Intel, AMD and ARM)
- Baseboard Management Controllers such as Oracle’s ILOM
- UEFI and platform firmware
- Smart NICS
- Storage devices
- Network controllers and other peripherals
- Provide consulting on security risk associated with compute hardware and firmware in the context of cloud usage
- Provide consulting and review of device sanitization as per NIST-800-88 R1 standards
- Provide standard operating procedures for safe use of compute hardware through its lifecycle i.e., provisioning, operations and reuse/decommission
- Engage with Oracle Hardware Division and third-party vendors to understand their roadmaps
- Create planning roadmaps to drive multi-year security improvements across the OCI Infrastructure
- Review or assess engineering changes, or revisions of, an existing component. E.g.: new firmware for a device, vendor revision of an existing device Identify and participate in external standards groups to drive improvements across the industry
- Consult development teams and third-party vendors in design and architecture of secure systems
- Champion and consult on secure development life cycle practices
- Communicate and educate Senior Management on key Security topics and directions
Requirements:
- Develop and communicate requirements for new vendors and hardware (compute, storage, networking)
- Perform architectural reviews, penetration testing, vulnerability analysis of compute infrastructure hardware such as Servers (Intel, AMD and ARM), Baseboard Management Controllers such as Oracle's ILOM, UEFI and platform firmware, Smart NICS, Storage devices, Network controllers and other peripherals
- Provide consulting on security risk associated with compute hardware and firmware in the context of cloud usage
- Provide consulting and review of device sanitization as per NIST-800-88 R1 standards
- Provide standard operating procedures for safe use of compute hardware through its lifecycle i.e., provisioning, operations and reuse/decommission
- Engage with Oracle Hardware Division and third-party vendors to understand their roadmaps
- Create planning roadmaps to drive multi-year security improvements across the OCI Infrastructure
- Review or assess engineering changes, or revisions of, an existing component. E.g.: new firmware for a device, vendor revision of an existing device
- Identify and participate in external standards groups to drive improvements across the industry
- Consult development teams and third-party vendors in design and architecture of secure systems
- Champion and consult on secure development life cycle practices
- Communicate and educate Senior Management on key Security topics and directions