NetSuite is part of Oracle, providing cloud solutions that impact billions of lives. They are seeking a Principal Security Engineer to develop and communicate requirements for new vendors and hardware, perform security assessments, and improve operational security posture for Oracle Cloud's infrastructure.
Responsibilities:
- Develop and communicate requirements for new vendors and hardware (compute, storage, networking)
- Perform architectural reviews, penetration testing, and vulnerability analysis of compute infrastructure hardware such as:
  - Servers (Intel, AMD and ARM)
  - Baseboard Management Controllers such as Oracle’s ILOM
  - UEFI and platform firmware
  - Smart NICs
  - Storage devices
  - Network controllers and other peripherals
- Network hardware/firmware, topology, and security expertise
- Provide consulting on security risk associated with compute hardware and firmware in the context of cloud usage
- Provide consulting and review of device sanitization as per NIST-800-88 R1 standards
- Provide standard operating procedures for safe use of compute hardware through its lifecycle, i.e., provisioning, operations, and reuse/decommission
- Engage with Oracle Hardware Division and third-party vendors to understand their roadmaps
- Create planning roadmaps to drive multi-year security improvements across the OCI Infrastructure
- Review or assess engineering changes to, or revisions of, an existing component, e.g., new firmware for a device or a vendor revision of an existing device
- Identify and participate in external standards groups to drive improvements across the industry
- Consult development teams and third-party vendors in design and architecture of secure systems
- Champion and consult on secure development life cycle practices
- Communicate and educate Senior Management on key Security topics and directions