The Oracle Cloud Infrastructure (OCI) team can provide you the opportunity to build and operate a suite of massive scale, integrated cloud services in a broadly distributed, multi-tenant cloud environment. OCI is committed to providing the best in cloud products that meet the needs of our customers who are tackling some of the world’s biggest challenges.
As a Consulting Hardware Security Engineer you will be involved in ensuring that the compute hardware that is used in the Oracle Cloud Infrastructure meets the security bar to ensure compliance with our security posture. You will define security requirements for hardware ensuring hardware does not preclude inclusion of security controls essential to meet or exceed our posture. You will work closely across Oracle, with third party vendors, and with standards organization to influence the next generation of hardware platform security. You will also works closely with OCI's operations and engineering teams, constantly striving to improve Oracle Cloud's overall operational security posture by defining the supply chain and operational requirements to establish best practices for managing security for devices in our cloud infrastructure.
Our consulting hardware security engineers have a blend of hardware, firmware and security skills, enabling them to help design and assess our most complex compute systems.
Key Responsibilities
Definition of security requirements for hardware enabling OCI security posture aligning business needs and technology trends
Provide independent design consulting for complex compute systems, balancing business objective and security risks to implement:
- requirements specified by the hardware security team
- features required to achieve security bar
- operations (provisioning, re-use, decommissioning) inline with security posture
Hands on
- security assessments of complex compute systems to ensure they meets requirements.
- adversarial assessments to ensure they can’t be compromised.
Breakdown complex systems for analysis, assign parts to other members of the team, collaborate on synthesizing the inputs and forming a holistic assessment, contextualized to cloud environments
Understand business objectives/requirements and assess risk from findings/threat models and identify proper risk mitigation controls
Work across to teams to ensure requirements, findings and recommendations are implemented inline with expected outcomes
Communicate risks and options to mitigate to senior leadership, balancing security, technology and business goals
Identify opportunities for security and process improvements and drive them across the organization
Advance state of the industry security knowledge through individual research contribution
Follow developments and trends in their area of subject matter expertise and educate the business and security organization of the developments
Mentor junior engineers
Minimum Qualifications
Bachelor's degree in Electrical Engineering, Computer Science or related field or equivalent experience
10+ years of experience in hardware security architecture / engineering / validation / planning or related area
Demonstrated competency in hardware/firmware with a focus on security
Competency with computer architecture
Subject Matter Expertise in two or more of the following areas:
- Root Of Trust (TCG SRTM, DRTM)
- x86 (Intel, AMD), ARM server platform architecture, UEFI
- GPU platforms, rackscale systems, clustering
- Baseboard Management Controllers
- SmartNICs (DPUs)
- Storage devices
Security concepts and standards associated Attestation (Ex: SPDM), cryptography, Secureboot, DICE etc.
Ability to work with most common programming languages (C, C++, Java, Python, Ruby, Go, Rust)
Ability to read and review complex hardware system/platform level schematics for security concerns
Experience with reversing tools and ability to reverse engineer
Extensive research or experience with multiple classes of security bugs
Specification and/or design of hardware security features
Preferred Qualifications
- Ability to read and understand x86 and/or ARM assembly language
- Knowledge of vendor-specific TEE technologies such as Intel SGX
- Familiarity with common embedded communications interfaces (SPI, I2C, RS232-style serial)
- Knowledge of host and network virtualization technologies and how to use them securely
- Knowledge of enterprise and/or datacenter networking architecture
- Experience operating in a large-scale DevOps or CICD environment
- Ability to write clear and concise product security requirements
- Ability to effectively assess risk from findings and threat models and identify proper risk mitigation controls
- Ability to succeed individually or collaboratively, whether working internally or with external organizations and individuals
- Significant experience working effectively in a large and distributed company
- Excellent organizational, verbal and written communication skills
- Conducting training / thought leadership / conference talks / publications
Disclaimer:
Certain U.S. based or U.S. customer or client-facing roles may be required to comply with applicable requirements, such as immunization/occupational health mandates, and/or drug testing requirements.
Range and benefit information provided in this posting are specific to the stated locations only
US: Hiring Range in USD from: $130,000 to $306,400 per annum. May be eligible for bonus, equity, and compensation deferral.
Oracle maintains broad salary ranges for its roles in order to account for variations in knowledge, skills, experience, market conditions and locations, as well as reflect Oracle's differing products, industries and lines of business. Candidates are typically placed into the range based on the preceding factors as well as internal peer equity.
Oracle US offers a comprehensive benefits package which includes the following:
- Medical, dental, and vision insurance, including expert medical opinion
- Short term disability and long term disability
- Life insurance and AD&D
- Supplemental life insurance (Employee/Spouse/Child)
- Health care and dependent care Flexible Spending Accounts
- Pre-tax commuter and parking benefits
- 401(k) Savings and Investment Plan with company match
- Paid time off: Flexible Vacation is provided to all eligible employees assigned to a salaried (non-overtime eligible) position. Accrued Vacation is provided to all other employees eligible for vacation benefits. For employees working at least 35 hours per week, the vacation accrual rate is 13 days annually for the first three years of employment and 18 days annually for subsequent years of employment. Vacation accrual is prorated for employees working between 20 and 34 hours per week. Employees working fewer than 20 hours per week are not eligible for vacation.
- 11 paid holidays
- Paid sick leave: 72 hours of paid sick leave upon date of hire. Refreshes each calendar year. Unused balance will carry over each year up to a maximum cap of 112 hours.
- Paid parental leave
- Adoption assistance
- Employee Stock Purchase Plan
- Financial planning and group legal
- Voluntary benefits including auto, homeowner and pet insurance
The role will generally accept applications for at least three calendar days from the posting date or as long as the job remains posted.
Career Level - IC5